This content describes an older version of this product.

Connected Apps

A connected app integrates an application with Salesforce using APIs. Connected apps use standard SAML and OAuth protocols to authenticate, provide Single Sign-On, and provide tokens for use with Salesforce APIs. In addition to standard OAuth capabilities, connected apps allow administrators to set various security policies and have explicit control over who may use the corresponding applications.
Available in: both Salesforce Classic and Lightning Experience
Connected Apps can be created in: Group, Professional, Enterprise, Performance, Unlimited, and Developer Editions

Connected Apps can be installed in: All Editions


User Permissions Needed
To read: “Customize Application”
To create, update, or delete: “Customize Application” AND either “Modify All Data” OR “Manage Connected Apps”

To update all fields except Profiles, Permission Sets, and Service Provider SAML Attributes: “Customize Application”
To update Profiles, Permission Sets, and Service Provider SAML Attributes: “Customize Application” AND “Modify All Data”
To uninstall: “Download AppExchange Packages”

A developer or administrator defines a connected app for Salesforce by providing the following information.
  • Name, description, logo, and contact information
  • A URL where Salesforce can locate the app for authorization or identification
  • The authorization protocol: OAuth, SAML, or both
  • Optional IP ranges where the connected app might be running
  • Optional information about mobile policies the connected app can enforce

For connected apps that use OAuth service providers, define the OAuth scopes and callback URL for the connected app. In return, Salesforce provides an OAuth Consumer Key and a Consumer Secret for authorizing the connected app.
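The following Python example, added here and not part of the Salesforce documentation, shows how an app might use the Consumer Key, callback URL, and scopes in an OAuth authorization-code exchange, rejecting a callback that arrives on a different URL or with a mismatched `state`. The login host, endpoint paths, scope names, key, and callback URL are assumed sample values.

```python
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values; the real key and secret come from the connected app.
LOGIN_HOST = "https://login.salesforce.com"
CONSUMER_KEY = "EXAMPLE_CONSUMER_KEY"
CALLBACK_URL = "https://app.example.com/oauth/callback"
SCOPES = ["api", "refresh_token"]


def build_authorize_url(state):
    """Step 1: send the user to Salesforce with the app's key, callback and scopes."""
    query = urlencode({
        "response_type": "code",
        "client_id": CONSUMER_KEY,
        "redirect_uri": CALLBACK_URL,
        "scope": " ".join(SCOPES),
        "state": state,  # random per-login value, kept in the user's session
    })
    return f"{LOGIN_HOST}/services/oauth2/authorize?{query}"


def handle_callback(received_url, expected_state):
    """Step 2: accept the code only on the registered callback with a matching state."""
    parts, registered = urlsplit(received_url), urlsplit(CALLBACK_URL)
    if parts[:3] != registered[:3]:  # scheme, host and path must match exactly
        raise ValueError("callback URL does not match the registered one")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def build_token_request(code, consumer_secret):
    """Step 3: URL and form body for the server-side POST that redeems the code."""
    return f"{LOGIN_HOST}/services/oauth2/token", {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CONSUMER_KEY,
        "client_secret": consumer_secret,  # never sent to the browser or logged
        "redirect_uri": CALLBACK_URL,
    }
```

Generate `state` with `secrets.token_urlsafe()` for each login attempt and load the Consumer Secret from a secret store rather than from source code.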

For connected apps that use SAML service providers, define the Entity ID, ACS (assertion consumer service) URL, Subject Type, Name ID Format, and Issuer for authorizing the connected app. These values should be available from the service provider.

There are two deployment modes:
  • The app is created and used in the same organization. This is a typical use case for IT departments, for example.
  • The app is created in one organization and installed on other organizations. This is how an entity with multiple organizations or an ISV would use connected apps.
Administrators can install the connected app into their organization, enable SAML authentication, and use profiles, permission sets, and IP range restrictions to control which users can access the application. They can set the connected app to be exposed as a canvas app for tighter integration with the Salesforce UI. Administrators can also uninstall the connected app and install a newer version when a developer updates the remote app and notifies administrators that there is a new version available.

In a Group Edition organization, you can’t manage individual user access using profiles. However, you can set policies when you edit an OAuth connected app’s settings in a Group Edition organization to control access to the connected app for all users.

Also, Salesforce-managed connected app packages, like those for the Salesforce1 downloadable apps, can’t be uninstalled. They are automatically updated when the next user’s session refreshes.

Note

Connected apps can be added only to managed packages. Connected apps are not supported for unmanaged packages.