You are here:
Comparison of Connected Apps and External Client Apps Features
Connected apps offer a framework to provide external applications with your Salesforce data. However, there are aspects of the framework that make it impossible to define separate user roles and difficult to package connected apps. External client apps were designed to be as useful at connecting external applications with your data as connected apps while addressing these shortcomings.
External client apps are the new generation of connected apps. They were designed to improve security and resolve the cumbersome packaging and distribution issues that affect connected apps. External client apps maintain a clean separation between proprietary developer settings and the customizable, admin-defined policies. External client apps support all but a few of the connected apps use cases.
Use this table of available features to figure out whether external client apps are the best option to integrate your external application with Salesforce.
| Feature | Connected Apps | External Client Apps |
|---|---|---|
| 2GP Packaging | Restricted (1) | Available |
| 1GP Packaging | Available | Not available |
| Distribution state management | Not available | Available |
| Distinct developer and admin user roles | Not available | Available |
| Subscriber association and disassociation | Not available | Available |
| Salesforce Setup UI | Available | Available |
| Metadata API | Restricted (2) | Available |
| OAuth 2.0 | Available | Available (3) |
| SAML | Available | Available |
| OpenID Connect | Available | Available |
| OAuth consumer key and consumer secret rotation | Available | Available |
| Trusted IP Range for OAuth Web Server Flow | Available | Available |
| Copy when cloning a sandbox | Available | Available (4) |
| API access control | Available | Not needed (5) |
| Custom attribute creation | Available | Available |
| Audit support | Available | Available |
| Logging support | Available | Available |
| Start URL management | Available | Available |
| OAuth access policy management | Available | Available |
| IP relaxation | Available | Available |
| Session policy management | Available | Available |
| Mobile policy management | Available | Available |
| Custom handler management | Available | Available |
| User provisioning | Available | Not available |
| OAuth usage management | Available | Available |
| Profile management | Available | Available |
| Permission set management | Available | Available |
| Data access management (OAuth) | Available | Available |
| Canvas | Available | Available |
| Notifications | Available | Available |
1. Packaging and distribution are some of the major issues facing connected apps. This challenge was a driving force in the development of external client apps. Connected apps use a reference model for packaging. They can’t be packaged using second-generation (2GP) packaging. However, there’s a work-around method that includes packaging connected apps in a first generation (1GP) package and referencing that packaged connected app in a 2GP package. External client apps were designed with 2GP packaging in mind and feature advanced options for packaging and distribution.
2. Connected apps can access a subset of features through the ConnectedApp endpoint in the Metadata API.
3. External client apps use OAuth protocols to authorize third-party apps. However, there are some OAuth features that are available for connected apps but aren’t available for external client apps. For example, the OAuth username-password flow won't be made available for external client apps. Also, dynamic client registration is not yet supported for external client apps.
4. Local external client apps aren’t copied to a new sandbox when you clone or refresh a sandbox. Only packaged external client apps are copied to the sandbox.
5. External client apps can’t be used without installation, so access control isn't necessary.
