Connected App

Development 🔴 Advanced
📖 4 min read

Definition

A Connected App is a framework that allows an external application to integrate with Salesforce using APIs, standard protocols like OAuth 2.0 and SAML, and other authentication mechanisms. Connected Apps define which API permissions are granted, enforce security policies, and control how external systems access Salesforce data.

Real-World Example

An IT team creates a Connected App to allow their internal HR portal to read and update Employee records stored in Salesforce. The Connected App is configured with OAuth 2.0 client credentials flow, a specific API scope limited to the Employee object, and IP range restrictions so that only the HR portal's servers can authenticate.

Why Connected App Matters

Beyond the protocols it supports, a Connected App defines exactly which permissions an external system receives, what data it can access, and under what network conditions it can authenticate. That makes it the foundation of any secure integration between Salesforce and an outside system, whether a mobile app, a web portal, an IoT device, or a partner's backend service.

As an organization adds more integrations, Connected Apps become the central control plane for managing external access to Salesforce data. Without properly configured Connected Apps, organizations risk over-permissioning third-party tools, leaving stale access tokens active, or exposing sensitive data to unauthorized networks. Each Connected App should follow the principle of least privilege, granting only the API scopes and object permissions required for its specific use case. Regular audits of Connected App configurations and OAuth token usage are essential as the integration landscape evolves, especially when decommissioning old systems that may still hold valid credentials.

How Organizations Use Connected App

  • NovaBridge HR — NovaBridge HR created a Connected App to allow their internal HR portal to read and update Employee custom object records in Salesforce. The app uses the OAuth 2.0 client credentials flow, is scoped to only the Employee object, and restricted to the HR portal's server IP range. This ensures no other system or user can exploit the same credentials to access broader Salesforce data.
  • Quantum IoT Solutions — Quantum IoT set up a Connected App for their fleet of smart sensors that push temperature readings into Salesforce via the REST API. The Connected App uses a certificate-based JWT bearer flow, eliminating the need for user-interactive login. Each sensor authenticates with its own certificate, and the Connected App's scope is limited to a single custom object for sensor readings.
  • Pinnacle Partner Portal — Pinnacle Corp configured a Connected App to power their external partner portal, which lets channel partners view their co-branded Opportunities and submit deal registrations. The Connected App uses SAML for single sign-on, restricts access to a dedicated Partner Community user profile, and enforces session timeout policies to protect sensitive deal data.
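The certificate-based JWT bearer flow from the Quantum IoT case, as an added example in Go (not code from the page or from Salesforce): the sensor builds an RS256-signed assertion carrying the claims the Salesforce token endpoint expects and POSTs it to /services/oauth2/token with grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer, and the verifier shows the checks that endpoint makes before it issues an access token. The consumer key and username a caller supplies are placeholders, and a generated RSA key pair stands in for the private key behind the sensor's uploaded certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type Claims struct {
	Iss string `json:"iss"` // consumer key of the Connected App (placeholder in callers)
	Sub string `json:"sub"` // integration user the access token is issued for
	Aud string `json:"aud"` // org login URL, e.g. https://login.salesforce.com
	Exp int64  `json:"exp"` // expiry as Unix seconds; Salesforce rejects stale assertions
}
var enc = base64.RawURLEncoding

// BuildAssertion signs base64url(header).base64url(claims) with the private key of
// the certificate uploaded to the Connected App (RS256 = PKCS#1 v1.5 over SHA-256).
func BuildAssertion(key *rsa.PrivateKey, c Claims) (string, error) {
	body, _ := json.Marshal(c)
	input := enc.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + enc.EncodeToString(body)
	h := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return input + "." + enc.EncodeToString(sig), err
}

// VerifyAssertion mirrors the token endpoint's checks before it issues an access
// token: signature against the registered public key, then audience and expiry.
func VerifyAssertion(pub *rsa.PublicKey, token, wantAud string, now int64) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("malformed assertion")
	}
	sig, errSig := enc.DecodeString(parts[2])
	raw, errRaw := enc.DecodeString(parts[1])
	if errSig != nil || errRaw != nil {
		return c, fmt.Errorf("bad base64url encoding")
	}
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil {
		return c, fmt.Errorf("signature does not match the registered certificate")
	}
	if err = json.Unmarshal(raw, &c); err != nil || c.Aud != wantAud || now >= c.Exp {
		return c, fmt.Errorf("claims rejected (err=%v aud=%q exp=%d)", err, c.Aud, c.Exp)
	}
	return c, nil
}
```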
