Salesforce - Connected App Usage Restrictions

Overview

Starting September 2025, uninstalled connected apps in Salesforce will be blocked for most users. If a connected app is not installed in your org, it will be inaccessible - unless a specific exception applies:

Exception: Users who already authorized the connected app and the app does not use the OAuth 2.0 Device Flow will continue to be able to use it even if it’s uninstalled.

How to Check if the Connected App is Installed

1. Go to Setup → Connected Apps OAuth Usage
2. Look at the Action column.
   1. If an app is not installed, there will be an Install button next to it.

Install the Connected App & Control Access

To comply with the new restrictions while maintaining access:

1. Install the app:
   Navigate to Setup → Connected Apps OAuth Usage, locate the app, and click Install.
2. Manage who can access the app:
   1. Go to Setup → Manage Connected Apps.
   2. Select the app and click Edit.
   3. Under OAuth Policies → Permitted Users, choose one of:
      1. Admin approved users are pre-authorized
         (Recommended. Admins explicitly grant access via profiles or permission sets.)
      2. All users may self-authorize
         (Less secure. Users authorize the app themselves.)

Assign Access 

Via Profiles

Open the profile → scroll to Connected App Access → enable or disable specific connected apps.

Via Permission Sets

Open or create a permission set → under Assigned Connected Apps, add the installed app → enable access.

Troubleshooting Note:

• When you first test application connections under “Admin approved users are pre-authorized,” you may see an invalid grant error if the token needs refreshing. In that case, refresh the token by re-validating the Salesforce connection in Riva Cloud. See "Re-validating a Salesforce Connection.
• If “Riva cloud Authentication Error: Failure - Missing OauthCode” persists after connected app access is granted via profile, assign access through a permission set and re-test. This has been shown to resolve the issue in some environments.

Security and Best Practices

• Use Admin-approved pre-authorization whenever possible to maintain tighter control.
• Regularly review installed connected apps to ensure they are still needed.
• Limit access to only those users who require it.

References

• https://admin.salesforce.com/blog/2025/get-ready-for-changes-to-connected-app-usage-restrictions
• https://help.salesforce.com/s/articleView?id=005132365&type=1
• https://help.salesforce.com/s/articleView?id=xcloud.security_api_access_control_all_users.htm&language=en_US&type=5