Connected App Explained
Connected Apps are the primary mechanism for authorizing third-party applications, mobile apps, and backend services to access Salesforce data. When you create a Connected App, Salesforce generates a Consumer Key and Consumer Secret used in OAuth 2.0 flows, including Web Server (authorization code), User-Agent (implicit), JWT Bearer Token, Device, and Client Credentials flows. The Connected App configuration controls which OAuth scopes are allowed (e.g., api, refresh_token, full, web), session policies, IP restrictions, and whether admin pre-authorization is required.
Connected Apps also support SAML for SSO integration and can be used to manage Canvas apps. Admins control access to Connected Apps through profiles and permission sets, and can set policies for refresh token expiration, session timeout, and IP relaxation. The OAuth approval history provides an audit trail of which users have authorized the app. For service-to-service integrations, the JWT Bearer flow combined with a certificate and Named Credential is the recommended pattern. Clientell AI uses a Connected App with minimal scopes for secure, admin-approved access to your org's metadata.
Related Salesforce Terms
Named Credential
A Named Credential securely stores the endpoint URL and authentication settings for an external service, letting Apex callouts reference a logical name instead of hard-coded credentials.
Shield Platform Encryption
Shield Platform Encryption encrypts sensitive data at rest in Salesforce using tenant-specific encryption keys, protecting it beyond standard database-level encryption.
Permission Set
A Permission Set is a collection of permissions that can be assigned to users on top of their profile to grant additional access without changing the profile itself.
Profile
A Profile in Salesforce defines the baseline set of permissions, page layout assignments, and system settings that apply to every user assigned to it.