
How to set up Connected App in Salesforce

Connected Apps are how external systems integrate with Salesforce — OAuth flows, API access, SAML/OIDC SSO, mobile apps. Every integration that hits the Salesforce API needs one. Setup is short; the consumer key + secret it generates are what your external system uses.

By Dipojjal Chakrabarti · Editor, Salesforce Dictionary · Last updated Apr 20, 2026

  1. Open Setup → App Manager

    Setup → Quick Find: App Manager → App Manager.

  2. Click New Connected App

    Top-right. It is a separate button from the one for Lightning Apps.

  3. Fill Basic Information

    Connected App Name, API Name, Contact Email. App Logo URL and Info URL are optional but show up to users at consent time.

  4. Tick Enable OAuth Settings

    Almost always required. Reveals OAuth-specific fields.

  5. Set Callback URL and Selected OAuth Scopes

    Callback URL is where Salesforce redirects after consent — must match what your external app sends. Scopes are what the integration can do (api, refresh_token, openid, full).

  6. Save

    Salesforce generates the Consumer Key and Consumer Secret. Store them now; these are what your external system uses to authenticate.

  7. Configure post-save: Manage → OAuth Policies

    Set Permitted Users (All users may self-authorize / Admin approved users), IP Relaxation, Refresh Token Policy.

Key options
Callback URL

Where Salesforce redirects after OAuth consent. Must match exactly. https://localhost is allowed for dev.

Selected OAuth Scopes

api (most common), refresh_token (for long-lived sessions), openid (for OIDC SSO), full (rarely needed).

Permitted Users

All users may self-authorize / Admin approved users are pre-authorized. Pre-authorized is more secure.

IP Relaxation

Whether the connected app respects the org's Login IP Ranges or relaxes them.

Refresh Token Policy

Refresh token valid until revoked / expires after N days / immediately expires.

Gotchas
  • Consumer Key and Consumer Secret only show fully on the first save. Once you navigate away, the Secret is hidden. Save them in your secrets manager immediately.
  • Callback URL must match exactly — including trailing slash. Mismatch = OAuth fails with a generic error.
  • After Save, it can take 2-10 minutes for the Connected App to propagate to Salesforce's auth servers. Don't panic if your first OAuth attempt 401s right after creating the app — wait and retry.
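
Because a Callback URL mismatch only surfaces as a generic OAuth error, the external app can compare its redirect_uri against the registered value before sending the user to Salesforce. The following is an added example, not code from this guide or from Salesforce; the authorization endpoint, the parameter names, the function names and the sample values are assumptions that do not appear on the page.

```python
from urllib.parse import urlencode, urlsplit

# Salesforce production authorization endpoint (assumption: not given on the page).
AUTHORIZE_ENDPOINT = "https://login.salesforce.com/services/oauth2/authorize"

# Constructed sample values, not real credentials or hosts.
REGISTERED_CALLBACK = "https://app.example.com/oauth/callback"
CONSUMER_KEY = "EXAMPLE_CONSUMER_KEY"


def callback_mismatches(registered, sent):
    """Return reasons why `sent` is not an exact match for the registered Callback URL."""
    if registered == sent:
        return []
    reg, snt = urlsplit(registered), urlsplit(sent)
    reasons = []
    for part in ("scheme", "netloc", "path", "query", "fragment"):
        a, b = getattr(reg, part), getattr(snt, part)
        if a == b:
            continue
        if part == "path" and a.rstrip("/") == b.rstrip("/"):
            reasons.append(f"trailing slash differs: {a!r} vs {b!r}")
        elif a.lower() == b.lower():
            reasons.append(f"{part} differs only by case: {a!r} vs {b!r}")
        else:
            reasons.append(f"{part} differs: {a!r} vs {b!r}")
    # Strings differ but every parsed component is equal (e.g. stray whitespace).
    return reasons or ["raw strings differ (whitespace or encoding)"]


def build_authorize_url(consumer_key, registered_callback, redirect_uri, scopes):
    """Build the authorization URL, refusing one whose redirect_uri cannot match."""
    problems = callback_mismatches(registered_callback, redirect_uri)
    if problems:
        raise ValueError("redirect_uri does not match Callback URL: " + "; ".join(problems))
    query = urlencode({
        "response_type": "code",
        "client_id": consumer_key,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # scopes are space-separated in the request
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


if __name__ == "__main__":
    print(build_authorize_url(CONSUMER_KEY, REGISTERED_CALLBACK,
                              "https://app.example.com/oauth/callback",
                              ["api", "refresh_token"]))
    print(callback_mismatches(REGISTERED_CALLBACK, REGISTERED_CALLBACK + "/"))
```

Running the check at startup of the external app turns the generic OAuth failure into a message that names the differing URL component.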
