In an earlier blog post, we reviewed how Salesforce connects apps via OAuth and allows administrators to easily view, manage, and revoke access to 3rd party applications that have been authorized. In this blog, we will dive a bit deeper into managing the app policies of these 3rd party apps that have been authenticated via OAuth.
Manage App Policies
Similar to the previous OAuth post, navigate to Setup. In the Quick Find box, search Connected Apps oAuth Usage. Here, you are presented with the screen below.
Next, click on the Manage App Policies hyperlink next to the 3rd party application to manage it. In this case, I am going to manage the policies of Workbench. (This tool was covered in a previous blog series).
Once you click on the Manage App Policies hyperlink, you are taken to a screen with many configuration options. This page details how the application interacts with your org.
On this page, many of the policies are inherited from system-wide security settings. However, you do have the ability to leverage unique controls on an app-by-app basis depending on the needs of your company.
Below, we discuss some of the more commonly updated values on this page – the OAuth Policies section.
To ensure that only a subset of users is able to access the app via oAuth connection, change the Permitted Users drop down to a value of “Admin Approved Users Are Pre-Authorized”. This setting restricts who is able to access the app based on who the admin team authorizes.
The other commonly updated value on this page is the IP Restriction page. You have the choice to Enforce IP Restrictions, Relax IP Restrictions and Enforce IP Restrictions but Relax for Refresh Tokens.
If Managing App Policies is new to you, there are other attributes to explore as well. Some other topics within this area of Salesforce to explore are Session Policies and Custom Connected App Handlers.
Stay tuned for future blogs diving into these more complex topics for managing your connected apps.
- Previous oAuth blog post: Salesforce OAuth
- Salesforce Help: Manage OAuth Access Policies for a Connected App