Newer Version Available

This content describes an older version of this product.

Connected Apps

A connected app integrates an application with Salesforce using APIs. Connected apps use standard SAML and OAuth protocols to authenticate, provide single sign-on, and provide tokens for use with Salesforce APIs. In addition to standard OAuth capabilities, connected apps allow Salesforce admins to set various security policies and have explicit control over who can use the corresponding apps.
Available in: both Salesforce Classic and Lightning Experience
Connected Apps can be created in: Group, Professional, Enterprise, Performance, Unlimited, and Developer Editions

Connected Apps can be installed in: All Editions


User Permissions Needed
To read: “Customize Application”
To create, update, or delete: “Customize Application” AND either “Modify All Data” OR “Manage Connected Apps”

To update all fields except Profiles, Permission Sets, and Service Provider SAML Attributes: “Customize Application”
To update Profiles, Permission Sets, and Service Provider SAML Attributes: “Customize Application” AND “Modify All Data”
To uninstall: “Download AppExchange Packages”
A developer or Salesforce admin defines a connected app for Salesforce by providing the following information.
  • Name, description, logo, and contact information
  • A URL where Salesforce can locate the app for authorization or identification
  • The authorization protocol: OAuth, SAML, or both
  • Optional IP ranges where the connected app might be running
  • Optional information about mobile policies that the connected app can enforce

For connected apps that use OAuth service providers, define the OAuth scopes and callback URL for the connected app. In return, Salesforce provides an OAuth Consumer Key and a Consumer Secret for authorizing the connected app. Also define how the OAuth request handles the ID token in a token response.
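How the values defined on the connected app map onto an OAuth authorization code request and its callback check, as an added example (not Salesforce's own code). The Consumer Key, Consumer Secret and callback URL are constructed placeholders, the function names are hypothetical, and the standard `login.salesforce.com` authorize endpoint is assumed.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed, constructed values standing in for the connected app's settings.
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
CONSUMER_KEY = "EXAMPLE_CONSUMER_KEY"        # placeholder
CONSUMER_SECRET = "EXAMPLE_CONSUMER_SECRET"  # placeholder; load from a secret store
CALLBACK_URL = "https://app.example.com/oauth/callback"  # as registered on the app
SCOPES = ["api", "openid"]  # request only what the integration needs


def build_authorize_url():
    """Return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": CONSUMER_KEY,
        "redirect_uri": CALLBACK_URL,
        "scope": " ".join(SCOPES),
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params), state


def handle_callback(callback_request_url, expected_state):
    """Validate the redirect and return the token request form fields."""
    got, want = urlparse(callback_request_url), urlparse(CALLBACK_URL)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback arrived at an unexpected URL")
    query = parse_qs(got.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time comparison on bytes; rejects forged or replayed responses.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    # These fields go in a POST body to the token endpoint, never in a URL.
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CONSUMER_KEY,
        "client_secret": CONSUMER_SECRET,
        "redirect_uri": CALLBACK_URL,
    }
```

The Consumer Secret only ever appears in the server-side token request; the browser-facing authorization URL carries the Consumer Key alone.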

For connected apps that use SAML service providers, you define the Entity ID, ACS (assertion consumer service) URL, Subject Type, Name ID Format and Issuer for authorizing the connected app. You get this information from the service provider.

The connected app has two modes of deployment.
  • The app is created and used in the same org. This is a typical use case for IT departments.
  • The app is created in one org and installed in other orgs. This is a typical use case for ISVs and entities with multiple orgs.
Salesforce admins can install the connected app into their org and enable SAML authentication. Then they can use profiles, permission sets, and IP range restrictions to control which users can access the app. Admins can set the connected app to be exposed as a canvas app for tighter integration with Salesforce. Admins can also uninstall the connected app and install a newer version when a developer updates the app and notifies admins that a new version is available.

In a Group Edition org, you can’t manage individual user access with profiles. However, you can set policies when you edit an OAuth connected app’s settings in a Group Edition org to control access to the connected app for all users.

You can’t uninstall connected app packages owned and distributed by Salesforce, such as the Salesforce1 for iOS package. Salesforce installs and manages them.

Note

Connected apps can be added to managed packages only. Connected apps are not supported for unmanaged packages.