Set Up and Maintain Your Salesforce Organization
          Manage Connect Apps: Allow Creation of Connected Apps - Off Control

          Control Name

          Connected Apps: Manage Connected Apps: Allow creation of connected apps - Off

          Recommended Configuration

          Allow creation of connected apps - Off.

          Control Overview

          When this setting is off, no user can define, register, or deploy a new OAuth-enabled Connected App through any interface, including the Setup user interface and the Metadata API. The control governs new registrations only: Connected Apps that already exist are not removed by it and must be inventoried and reviewed separately.

          Security Risk If Not Configured

          If creation is unrestricted, any user with the relevant permissions can register a Connected App that shares org data with a personal or unvetted application. Data then flows through integration endpoints that nobody reviewed, inventoried, or monitors, and corporate data can be lost through them.

          Threat Scenarios

          An internal actor creates a custom connected app to link the production environment to a non-compliant third-party tool, inadvertently synchronizing sensitive customer records to an insecure external database.

          Estimated CVSS Score Range

          High (7.0–8.9).

          Risk Impact Considerations

          Leaving application creation unrestricted lets users bypass formal security review and architectural oversight, creating persistent, unmonitored data paths that can later be used for exfiltration.

          Higher Risk When

          Risk is higher when users hold broad object-level permissions (a Connected App authorized by such a user can read and write whatever that user can), or when the org has no automated monitoring that alerts on the registration of new OAuth consumer keys and secrets.
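          The automated monitoring referred to above is something the org has to build for itself. As an added example, and not Salesforce's own code, the following Python script scans a Setup Audit Trail export for Connected App registrations by users outside an approved list, and for the creation control itself being switched back on. The CSV column layout, the exact Action wording, the user names and the approved-registrar list are constructed assumptions for this example; verify the patterns against a real export from your org before relying on them.

```python
import csv
import io
import re
from dataclasses import dataclass

# Constructed sample of a Setup Audit Trail CSV export (not real data).
# The column layout and the exact Action wording are assumptions; verify
# both against an export from your own org before trusting the regexes.
SAMPLE_AUDIT_CSV = '''Date,User,Source IP,Action,Section,Delegate User
"3/2/2026 9:14:02 AM PST",admin@example.com,203.0.113.10,"Changed Login IP Ranges for profile System Administrator",Manage Users,
"3/2/2026 10:03:41 AM PST",jdoe@example.com,198.51.100.7,"Created Connected App ""Sync Tool""",Connected Apps,
"3/2/2026 10:05:12 AM PST",jdoe@example.com,198.51.100.7,"Changed Connected App ""Sync Tool"" Callback URL to https://sync.example.net/callback",Connected Apps,
"3/2/2026 11:30:55 AM PST",admin@example.com,203.0.113.10,"Changed Allow creation of connected apps from Disabled to Enabled",Security Controls,
"3/3/2026 8:00:00 AM PST",svc-integrations@example.com,203.0.113.11,"Created Connected App ""ERP Bridge""",Connected Apps,
'''

# Users permitted to register integrations after a formal review (assumed list).
APPROVED_REGISTRARS = frozenset({"svc-integrations@example.com"})

# Matches the audit-trail entry written when a Connected App is created (assumed wording).
CREATE_APP = re.compile(r'^Created Connected App "(?P<name>[^"]+)"')
# Matches any change to the control this page describes (assumed wording).
SETTING_CHANGE = re.compile(r"Allow creation of connected apps", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    when: str
    actor: str
    source_ip: str
    kind: str    # "unapproved_app_created" or "setting_reenabled"
    detail: str  # app name, or the raw audit action for setting changes


def scan_audit_trail(csv_text, approved=APPROVED_REGISTRARS):
    """Return findings for unapproved app registrations and for the
    creation control being switched back on."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        action = row["Action"].strip()
        created = CREATE_APP.match(action)
        if created:
            # Registrations by the approved service identity are expected;
            # anyone else registering an app bypassed the review process.
            if row["User"] not in approved:
                findings.append(Finding(row["Date"], row["User"], row["Source IP"],
                                        "unapproved_app_created", created.group("name")))
        elif SETTING_CHANGE.search(action) and action.endswith("to Enabled"):
            # The control itself was turned back on: new apps can be created again.
            findings.append(Finding(row["Date"], row["User"], row["Source IP"],
                                    "setting_reenabled", action))
    return findings


def format_alerts(findings):
    """Render findings as one alert line each, suitable for a ticket or a SIEM feed."""
    return [f"{f.when} {f.kind} by {f.actor} from {f.source_ip}: {f.detail}"
            for f in findings]


if __name__ == "__main__":
    for line in format_alerts(scan_audit_trail(SAMPLE_AUDIT_CSV)):
        print(line)
```

          Run against the constructed sample, the script reports the "Sync Tool" registration by jdoe@example.com and the admin re-enabling the setting, and stays silent on the "ERP Bridge" registration by the approved service identity. Feeding it a scheduled export of the real audit trail gives the alerting that the passage above describes as missing in higher-risk orgs.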

          Low Risk When

          Risk is lower when the org enforces a strict allowlist of approved redirect URIs and restricts API traffic to specific, corporately managed network ranges (for example, through login IP ranges on profiles). These are compensating controls: they narrow what an unreviewed app can do, but they do not replace blocking unreviewed app creation.

          Business and Integration Considerations

          Turning on this global block also prevents local registration of apps on the legacy Connected App framework, so teams need a plan to build new integrations on the External Client App framework, which Salesforce positions as the successor as Connected Apps approach their eventual end of support.

          Recommended Remediation

          In Setup, open OAuth and OpenID Connect Settings and deselect the checkbox that allows users to create connected apps; this enforces a global block on new app registrations. Note: from Spring '26, this setting is disabled by default. After changing it, confirm that a test user can no longer create a Connected App, either from the Setup user interface or by deploying one through the Metadata API, and review the Setup Audit Trail periodically so that any later re-enabling of the setting is noticed.

          Security Health Review Guidance

          Security Health Review treats the restriction of self-service application creation as a strongly recommended standard, to prevent the proliferation of unmanaged software and to ensure that every data-sharing interface is subject to centralized security governance.

          Salesforce Help | Article