Newer Version Available
Connected App IP Relaxation and Continuous IP Enforcement
For security reasons, if you relax IP restrictions for your connected app, and your org
has enabled Enforce login IP ranges on every request, users can’t access
the app in some circumstances. This access restriction applies to all OAuth-enabled connected
apps, including mobile devices.
| Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience |
| Connected Apps can be created in: Group,
Professional, Enterprise, Performance, Unlimited, and
Developer Editions Connected Apps can be installed in: All Editions |
SAML-enabled connected apps aren’t affected, unless they are also OAuth-enabled for single
sign-on.
| IP Relaxation | When Continuous IP Enforcement Is Disabled (Default) | When Continuous IP Enforcement Is Enabled |
|---|---|---|
| Enforce IP restrictions | A user running this app is subject to the org’s IP restrictions, such as IP ranges set in the user’s profile. | A user running this app is subject to the org’s IP restrictions, such as IP ranges set in the user’s profile. |
| Enforce IP restrictions, but relax for refresh tokens | A user running this app is subject to the org’s IP restrictions, such as IP ranges set in the user’s profile, during initial login. These restrictions are relaxed when the app later uses a refresh token to obtain a new access token. | A user running this app is subject to the org’s IP restrictions, such as IP ranges
set in the user’s profile, during initial login. These restrictions are relaxed when the
app later uses a refresh token to obtain a new access token. However, for security reasons,
users can’t:
|
| Relax IP restrictions for activated devices | A user running this app bypasses the org’s IP restrictions when either of these
conditions is true.
|
A user running this app bypasses the org’s IP restrictions when either of the OAuth
conditions in the previous column is true. However, for security reasons, users can’t:
|
| Relax IP restrictions | A user running this connected app is not subject to any IP restrictions. | A user running this connected app is not subject to any IP restrictions. However, for
security reasons, users can’t:
|