Security Implementation Guide

Security Overview
Security Infrastructure
Trust and Salesforce
User Security Overview
About Passwords
User Authentication
Connected Apps
Custom Permissions Overview
My Domain
Identity Providers
Network-Based Security
Session Security
Securing Data Access
Platform Encryption
Auditing
Securing and Sharing Data
Configuring Salesforce Security Features
Enabling Single Sign-On
Monitoring Your Organization's Security
Security Tips for Apex and Visualforce Development
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Connected Apps

A connected app integrates an application with Salesforce using APIs. Connected apps use standard SAML and OAuth protocols to authenticate, provide Single Sign-On, and provide tokens for use with Salesforce APIs. In addition to standard OAuth capabilities, connected apps allow administrators to set various security policies and have explicit control over who may use the corresponding applications.

A developer or administrator defines a connected app for Salesforce by providing the following information.
  • Name, description, logo, and contact information
  • A URL where Salesforce can locate the app for authorization or identification
  • The authorization protocol: OAuth, SAML, or both
  • Optional IP ranges where the connected app might be running
  • Optional information about mobile policies the connected app can enforce
There are two deployment modes:
  • The app is created and used in the same organization. This is a typical use case for IT departments, for example.
  • The app is created in one organization and installed on other organizations. This is how an entity with multiple organizations or an ISV would use connected apps.
Administrators can install the connected app into their organization, enable SAML authentication, and use profiles, permission sets, and IP range restrictions to control which users can access the application. They can set the connected app to be exposed as a canvas app for tighter integration with the Salesforce UI. Administrators can also uninstall the connected app and install a newer version when a developer updates the remote app and notifies administrators that there is a new version available.

In a Group Edition organization, you can’t manage individual user access using profiles. However, you can set policies when you edit an OAuth connected app’s settings in a Group Edition organization to control access to the connected app for all users.

And, Salesforce-managed connected apps packages like those for the Salesforce1 downloadable apps can’t be uninstalled. They are automatically updated when the next user’s session refreshes.

Note

Connected apps can be added to managed packages, only. Connected apps are not supported for unmanaged packages.