          Manage Other Access Settings for a Connected App: Manage Profiles Control

          Control Name

          Connected Apps: Manage Other Access Settings for a Connected App: Manage Profiles

          Recommended Configuration

          Manage Profiles.

          Control Overview

          This security setting defines the specific user cohorts authorized to access an application by mapping defined administrative profiles to the connected app metadata.

          Security Risk If Not Configured

          Unrestricted profile assignments for connected apps lead to a lack of granular control that significantly increases the blast radius of application-based data exposure.

          Threat Scenarios

          An admin incorrectly assigns a broad standard user profile to a high-sensitivity integration, allowing thousands of unauthorized employees to access a business-critical app containing sensitive data, bypassing standard field-level security.

          Estimated CVSS Score Range

          High (7.0–8.9).

          Risk Impact Considerations

          Failure to restrict access to specific profiles facilitates over-privileged application sessions and complicates the auditing of which users are actively transmitting organizational data to external endpoints.

          Higher Risk When

          The Permitted Users policy is set to "All users may self-authorize", as this lets any user in the organization grant data access without administrative oversight.

          Low Risk When

          The org implements the principle of least privilege by assigning only the minimum profiles required for the integration to function.

          Business and Integration Considerations

          Restricting profiles ensures a tailored application experience for specific business units, although it requires ongoing administrative maintenance as new roles or teams are onboarded to the platform.

          Recommended Remediation

          Go to the Manage Connected Apps page, select the specific application, click Manage Profiles, and assign only the relevant profiles required for legitimate business access.

          Security Health Review Guidance

          Security Health Review identifies profile-based application gating as a strongly recommended standard to enforce strict identity boundaries and make sure that integration access is explicitly aligned with a user's functional responsibilities.
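
The check below is an added example, not Salesforce code: it flags connected apps that allow self-authorization or whose assigned profiles cover more active users than a review threshold. The SOQL object and field names, the flattened row shape, the `max_users` threshold and all sample data are assumptions or constructed values.

```python
from collections import defaultdict

# Queries that could produce the inputs (assumed standard object and field
# names; confirm them against your org's API version before use).
APPS_SOQL = "SELECT Id, Name, OptionsAllowAdminApprovedUsersOnly FROM ConnectedApplication"
ACCESS_SOQL = ("SELECT SetupEntityId, Parent.Profile.Name FROM SetupEntityAccess "
               "WHERE SetupEntityType = 'ConnectedApplication' "
               "AND Parent.IsOwnedByProfile = true")
USERS_SOQL = ("SELECT Profile.Name, COUNT(Id) FROM User "
              "WHERE IsActive = true GROUP BY Profile.Name")


def audit(apps, access_rows, users_per_profile, max_users=50):
    """Return {app name: [findings]}; max_users is a hypothetical review threshold."""
    assigned = defaultdict(set)
    for row in access_rows:
        assigned[row["SetupEntityId"]].add(row["ProfileName"])
    report = {}
    for app in apps:
        findings = []
        if not app["OptionsAllowAdminApprovedUsersOnly"]:
            # The "Higher Risk When" case: users may self-authorize the app.
            findings.append("self-authorize enabled; any user can grant access")
        for profile in sorted(assigned[app["Id"]]):
            count = users_per_profile.get(profile, 0)
            if count > max_users:
                findings.append(f"profile '{profile}' exposes app to {count} active users")
        if findings:
            report[app["Name"]] = findings
    return report


# Constructed sample data, flattened from the query results above.
APPS = [
    {"Id": "APP-A", "Name": "Payroll Sync", "OptionsAllowAdminApprovedUsersOnly": True},
    {"Id": "APP-B", "Name": "Expense Export", "OptionsAllowAdminApprovedUsersOnly": True},
    {"Id": "APP-C", "Name": "Survey Tool", "OptionsAllowAdminApprovedUsersOnly": False},
]
ACCESS = [
    {"SetupEntityId": "APP-A", "ProfileName": "Standard User"},
    {"SetupEntityId": "APP-B", "ProfileName": "Finance Integration"},
]
USERS = {"Standard User": 4200, "Finance Integration": 3}

if __name__ == "__main__":
    for name, findings in audit(APPS, ACCESS, USERS).items():
        print(name, "->", "; ".join(findings))
```

Apps granted through permission sets rather than profiles are outside what this check covers.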

           