Manage Access to a Connected App
After a connected app is installed in your org, you can manage access to it. Configure permissions and policies for the app, explicitly defining who can use the connected app and where they can access the app from. These permissions and policies, which include user access, IP range restrictions, and multi-factor authentication (MFA), provide extra security for your org.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
| Connected Apps can be created in: Group, Professional, Enterprise, Performance, Unlimited, and Developer Editions |
| Connected Apps can be installed in: All Editions |
Note: Connected app creation is restricted as of Spring ’26. You can continue to use existing connected apps during and after Spring ’26. However, we recommend using external client apps instead. If you must continue creating connected apps, contact Salesforce Support. See "New connected apps can no longer be created in Spring ’26" for more details.
- Manage Third-Party Connected Apps
  If your org uses third-party apps, such as those installed from the AppExchange, you can set security policies to control what data the third-party app can access from your org. You can also define who can use the third-party app. In addition to setting security policies to manage third-party apps, you can uninstall, and—when necessary—block these apps from the Salesforce org.
- Install a Connected App
  You install a connected app by installing a managed package that includes the connected app as a component. For example, ISVs package connected apps to make them available on AppExchange. You can also install an OAuth connected app from the Connected Apps OAuth Usage page. This page lists all OAuth connected apps that users in your org are connecting to currently—including apps that developers created in other Salesforce orgs.
- Uninstall a Third-Party Connected App
  You can uninstall a third-party connected app from your org. However, uninstalling an app doesn’t delete the connected app. Instead, it removes the OAuth policies that you set for the app in your org. Because you’re removing the policies for apps that users can still access, you’re actually loosening your security measures. We recommend uninstalling a connected app only when the original developer deletes the app from their org. To make a connected app inaccessible to your org’s users, block the app. This action ends all current user sessions with the connected app and prevents all new sessions until you unblock the app.
- Manage Start URL Settings for a Connected App
  A start URL defines the page where users are directed when they run the connected app. The start URL can be configured by the app owner during the setup process or managed later. If you don’t configure a start URL, users are sent to the app’s default start page after authorization completes. Start URL settings apply to all connected apps, except canvas apps. If your app is a canvas app, the connected app ignores the start URL fields. Instead, it uses the canvas app URL specified when the connected app was created.
- Manage OAuth Access Policies for a Connected App
  Configure OAuth access policies for OAuth-enabled connected apps. These policies include defining which users can access a connected app, what IP restrictions apply to the connected app, and how long a refresh token is valid for.
- Connected App IP Relaxation and Continuous IP Enforcement
  For security reasons, if you relax IP restrictions for your connected app, and your org has enabled Enforce login IP ranges on every request, users can’t access the app in some circumstances. This access restriction applies to all OAuth-enabled connected apps, including mobile devices.
- Manage Session Policies for a Connected App
  Configure a connected app’s session policies to define how long a user’s session can last before reauthenticating. You can also use session policies to block user access to the connected app, or to require two-factor authentication to access the app.
- Manage Mobile Policies for a Connected App
  Configure policies for mobile connected apps that enforce PIN protection. These policies include setting the length of the connected app’s PIN, and defining how long a session can be idle before requiring re-entry of the PIN.
- Manage Access Through a Custom Connected App Handler
  Write a custom connected app handler in Apex to customize how the connected app is invoked. The custom handler can support new protocols or respond to user attributes in a way that benefits a business process.
- Manage Other Access Settings for a Connected App
  The Connected App Detail page provides an overview of access settings assigned to the connected app, including OAuth policies and session policies. From this page, you can click Edit Policies to manage access to the connected app. You can also manage profiles, permission sets, custom attributes, and custom scopes associated with the connected app.
- User Provisioning for Connected Apps
  You can use a connected app to link your users with a third-party app. User provisioning for a connected app simplifies account creation and links your Salesforce users’ accounts to their third-party accounts. After the accounts are linked, you can configure the App Launcher to display the connected app as a tile. With a single click, users get instant access to the third-party app.
- Manage Current OAuth Connected App Sessions
  The Connected Apps OAuth Usage page displays current OAuth app connections. For apps that aren't installed, it also displays usage attempts that Salesforce automatically denied due to security restrictions. From this page, you can install or uninstall third-party connected apps, revoke an app’s active sessions, and block or unblock org-wide access to the app.
- Manage OAuth-Enabled Connected Apps Access to Your Data
  All users can manage an OAuth-enabled connected app’s access to their Salesforce data from their personal settings. The apps that have permission to access Salesforce data are listed under advanced user details. Users can get information about each app and revoke the app’s access.

