          OAuth Access Policies - Enforce IP Restrictions Control

          Requires all external applications accessing Salesforce APIs via OAuth to remain within the company’s defined network security boundaries.

          Control Name

          OAuth Access Policies - Enforce IP Restrictions

          Control Overview

          Requires all external applications accessing Salesforce APIs via OAuth to remain within the company’s defined network security boundaries.

          Description

          Prevents integration service accounts from accessing the Salesforce UI and limits their scope to specific API calls through dedicated licenses and profiles.

          Recommended Configuration

          Enable the Integration User with the "API Only User" permission to restrict access only for API connections.

          Security Impact

          Eliminates the risk of UI-based phishing, credential reuse for manual data theft, and lateral movement by isolating system-level permissions from human user access.

          Business Impact

          Supports continuous uptime for business-critical connections by decoupling system access from individual employee lifecycles and passwords.

          Security Risk If Not Configured

          Excessive permissions for integration users increase the risk of unauthorized access to sensitive data and of unintended exposure of that data to unauthorized users.

          Threat Scenarios

          Credential stuffing, unauthorized manual login by attackers, and unauthorized data exfiltration.

          Estimated CVSS Score Range

          Critical (9.0–10.0).

          Risk Impact Considerations

          Risk increases for orgs with many integration users, or with integration users that have access to sensitive business processes.

          Higher Risk When

          API-only access is not enabled, leaving integration users with broader permissions than API access requires.

          Low Risk When

          API usage is restricted or absent, and stricter access controls are applied to integration users.

          Business and Integration Considerations

          Requires coordination with business users to confirm that restricting these accounts to API-only access has no unintended consequences for the integrations that depend on them.

          Security Health Review Guidance

          Security Health Review identifies integration users that are not enabled for API only access.
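The following is an added example, not Salesforce's own code or the logic behind Security Health Review. It shows the kind of check a defender would run over an export of user records and login history to find the two conditions this control is about: integration accounts that lack the "API Only User" permission (Recommended Configuration), and evidence that such accounts have actually been used to log in through the browser (Threat Scenarios). The record shapes, the field names (api_user_only, application, status), the "Browser" application value, and the naming-convention heuristic for spotting integration accounts are all assumptions for this example; adapt them to the org's real export format and naming scheme. The sample records are constructed.

```python
from dataclasses import dataclass

# Constructed record shapes. The field names loosely mirror a Salesforce
# user/profile export and the LoginHistory object, but they are assumptions
# for this example, not a documented schema.


@dataclass(frozen=True)
class UserRecord:
    username: str
    profile: str
    active: bool
    api_user_only: bool   # "API Only User" permission, via profile or permission set


@dataclass(frozen=True)
class LoginEvent:
    username: str
    application: str      # assumed: "Browser" for interactive UI logins
    source_ip: str
    status: str           # assumed: "Success" or "Failed"


# Assumed naming convention for service accounts; tune to the org's own.
INTEGRATION_MARKERS = ("integration", "svc", "service", "api")


def is_integration_user(user):
    """Heuristic: a user is an integration account if its username or profile
    name carries a service-account marker. This is an assumption, not a
    Salesforce attribute; a tagged custom field would be more reliable."""
    haystack = f"{user.username} {user.profile}".lower()
    return any(marker in haystack for marker in INTEGRATION_MARKERS)


def unrestricted_integration_users(users):
    """Active integration accounts that can still reach the UI because the
    'API Only User' permission is not set. This is the gap the control closes."""
    return sorted(
        u.username for u in users
        if u.active and is_integration_user(u) and not u.api_user_only
    )


def ui_logins_by_integration_users(users, logins):
    """Successful browser logins by integration accounts: evidence that a
    missing restriction is being exercised, whether by an automation author
    who logged in by hand or by someone holding the account's credentials."""
    integration = {u.username for u in users if is_integration_user(u)}
    return [
        e for e in logins
        if e.username in integration
        and e.application == "Browser"
        and e.status == "Success"
    ]


def review(users, logins):
    """Summarise both findings in a small report (constructed format)."""
    flagged = unrestricted_integration_users(users)
    ui_logins = ui_logins_by_integration_users(users, logins)
    return {
        "unrestricted_integration_users": flagged,
        "ui_login_count": len(ui_logins),
        "ui_login_ips": sorted({e.source_ip for e in ui_logins}),
    }


# Constructed sample data.
SAMPLE_USERS = [
    UserRecord("erp.integration@example.com", "Integration Profile", True, True),
    UserRecord("crm-svc@example.com", "Standard User", True, False),
    UserRecord("jane.doe@example.com", "Standard User", True, False),
    UserRecord("old.api.user@example.com", "Integration Profile", False, False),
]

SAMPLE_LOGINS = [
    LoginEvent("crm-svc@example.com", "Browser", "203.0.113.10", "Success"),
    LoginEvent("crm-svc@example.com", "Browser", "203.0.113.11", "Failed"),
    LoginEvent("erp.integration@example.com", "Integration Client", "198.51.100.5", "Success"),
    LoginEvent("jane.doe@example.com", "Browser", "192.0.2.7", "Success"),
    LoginEvent("old.api.user@example.com", "Browser", "203.0.113.12", "Success"),
]

if __name__ == "__main__":
    print(review(SAMPLE_USERS, SAMPLE_LOGINS))
```

Run against the sample data, the report flags only crm-svc (the one active integration account without the permission; the inactive account is excluded because deactivation already blocks login) and counts two successful browser logins by integration accounts. The second check is the more useful one for a review: a missing permission is a finding, but a browser login by a service account is a finding with a timestamp and a source address attached to it.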

          Who Is Impacted

          Internal employees, administrators, developers, and workforce users accessing Salesforce directly.
