External Client App Manager is the modern replacement for Connected Apps in newer Salesforce releases — registering and managing third-party apps that authenticate to Salesforce. Salesforce introduced External Client Apps to better support the modern OAuth ecosystem; existing Connected Apps continue to work but new development should use External Client Apps.
- Open Setup → External Client App Manager
Setup gear → Quick Find: External Client App → External Client App Manager.
- Click New External Client App
Top-right. Distinct from the Connected App creation flow in App Manager.
- Set Name, API Name, Description, Contact Email
Standard app metadata.
- Configure OAuth settings
Callback URL, Selected OAuth Scopes, refresh token policies — same options as Connected Apps but in a modernized UI.
- Configure External Credential (auth)
Modern Named Credentials split — auth lives in External Credential, endpoint in Named Credential.
- Save
App is registered. Salesforce generates Consumer Key + Consumer Secret — save them immediately, the secret is only shown once.
- Configure post-save permissions
Permitted Users, IP Relaxation, Refresh Token Policy — same governance options as Connected Apps.
Callback URL, Scopes, token policies.
Modern auth pattern.
All users may self-authorize / Admin approved.
Per-app override of Network Access.
- External Client Apps are the modern direction. Salesforce continues to support legacy Connected Apps but recommends External Client Apps for new integrations — confirm which path your org should use.
- Consumer Secret only shows fully on first save. Save it to your secrets manager immediately — once you navigate away, the Secret is hidden permanently.
- After Save, External Client Apps may need ~5 minutes to propagate to Salesforce's auth servers. Don't panic if your first OAuth attempt 401s right after creating — wait and retry.