Definition
Manage Connected Apps is a Setup page that lists all Connected Apps that have been installed or created in the org, including OAuth settings, session policies, IP restrictions, and user provisioning configurations. Administrators use this page to control which users can access each connected app and under what conditions.
Real-World Example
The admin at Apex Dynamics opens Manage Connected Apps to review the Tableau connected app configuration. She tightens the session policy to require re-authentication every 4 hours, restricts access to users with the "Analytics User" permission set, and enables IP restrictions so the app can only be accessed from the corporate VPN.
Why Manage Connected Apps Matters
Manage Connected Apps is a Setup page that provides administrators with centralized control over all Connected Apps installed or created in the org. Connected Apps are the mechanism by which external applications like Tableau, Slack, or custom integrations authenticate and interact with Salesforce data via OAuth. From this page, admins can configure session policies, set IP restrictions, manage user access through profiles or permission sets, and control refresh token behavior. This centralized management is critical for maintaining security while enabling the integrations that modern businesses depend on.
As organizations adopt more external tools and build more integrations, the number of Connected Apps can grow rapidly. Without active management, organizations face serious security risks: stale apps with broad data access, long-lived sessions that persist after employees leave, and unrestricted IP ranges that allow access from anywhere. The consequences include data exfiltration, unauthorized access, and compliance violations. Mature organizations conduct quarterly Connected App audits, enforce IP restrictions for sensitive integrations, and set session policies that balance security with user convenience. Neglecting this page is one of the most common security oversights in Salesforce administration.
How Organizations Use Manage Connected Apps
- Apex Dynamics — After a security audit revealed that a former employee's integration was still accessing Salesforce data through a Connected App, the admin opens Manage Connected Apps to revoke all active sessions and tokens for that app. She then tightens the session policy to require re-authentication every 4 hours and restricts access to the corporate VPN's IP range.
- CloudSync Technologies — CloudSync's admin uses Manage Connected Apps to configure their Tableau integration with granular controls. She restricts access to users with the Analytics User permission set, sets the refresh token to expire after 24 hours, and enables IP restrictions so the Tableau Server can only connect from its known static IP addresses. This prevents any unauthorized Tableau instances from accessing Salesforce data.
- Meridian Healthcare — Meridian's security team uses Manage Connected Apps to enforce HIPAA requirements on their patient portal integration. They configure the Connected App to require high-assurance sessions, set a 30-minute session timeout, and restrict access to the permission set assigned only to clinical staff. This ensures patient data is only accessible through approved channels with appropriate authentication levels.