Definition
Connected Apps OAuth Usage is a Setup page that displays usage statistics and details for Connected Apps using OAuth authentication in the org. It shows which connected apps are actively being used, the number of users, token counts, and last access dates, helping administrators monitor third-party application access.
Real-World Example
The security admin at TechNova opens Connected Apps OAuth Usage to audit which third-party applications have active OAuth tokens. She discovers that a decommissioned project management tool still has 30 active user tokens. She revokes access for that connected app and notifies affected users to use the new approved tool instead.
Why Connected Apps OAuth Usage Matters
Connected Apps OAuth Usage is a Setup page in Salesforce that provides administrators with a dashboard of all Connected Apps using OAuth authentication. It displays critical details such as the number of active users per app, total token counts, and the date each app was last accessed. This visibility is essential for security governance because it answers the question: who has access to our data right now? Without this page, admins would have no centralized way to audit which external applications are actively connecting to the org.
As organizations accumulate integrations over months and years, it is common for decommissioned tools to retain active OAuth tokens. Connected Apps OAuth Usage surfaces these stale connections, enabling admins to revoke access before dormant tokens become a security liability. In regulated industries, this page is a key part of periodic access reviews required by frameworks like SOX, HIPAA, and SOC 2. Failing to monitor OAuth usage can result in audit findings, data exposure through forgotten integrations, and an inability to answer basic security questions about who can access the org's data.
How Organizations Use Connected Apps OAuth Usage
- Ironclad Financial — Ironclad Financial's security team runs a quarterly SOX compliance audit and uses Connected Apps OAuth Usage to generate evidence that only approved applications have active tokens. During their last review, they discovered a marketing automation tool that was retired six months ago still had 45 active user tokens. They revoked all tokens and documented the remediation for their auditors.
- Nexus Healthcare — Nexus Healthcare's IT manager checks Connected Apps OAuth Usage monthly to verify that only their three approved integrations, an EHR system, a patient scheduling tool, and a billing platform, have active tokens. When an unauthorized analytics tool appeared with 12 user tokens after a rogue department trial, the page helped them detect and shut it down within hours.
- Cobalt Ventures — Cobalt Ventures uses Connected Apps OAuth Usage to track which Connected Apps are most heavily used. By comparing active user counts across integrations, the operations team identifies which tools are critical to daily workflows and prioritizes their vendor renewals. An integration with zero active users in 90 days is flagged for decommissioning.