Definition
Remote Access is a Setup page for managing legacy Connected App configurations that allow external applications to authenticate and access Salesforce data. While newer Connected Apps are managed through the App Manager, Remote Access provides backward compatibility for older OAuth integrations.
Real-World Example
The admin at DataSync Corp opens Remote Access while auditing legacy integrations and finds two old Connected App entries from 2018 that are no longer in use. She verifies with the IT team that the associated applications have been decommissioned, then removes the Remote Access entries to close unnecessary OAuth access points.
Why Remote Access Matters
Remote Access is a legacy Setup page in Salesforce for managing older Connected App configurations that allow external applications to authenticate via OAuth and access Salesforce data. While modern Connected Apps are managed through the App Manager, Remote Access still exists for backward compatibility with integrations created before the Connected Apps framework was introduced. It is essentially a maintenance page for older OAuth consumer keys and secrets that may still be active in long-running integrations.
As organizations modernize their Salesforce environments, Remote Access entries often become forgotten security liabilities. Legacy integrations from years ago may have been decommissioned on the external application side, but their OAuth credentials remain active in Salesforce, creating unnecessary access points. Regular audits of the Remote Access page are critical for security hygiene. Organizations that never review these legacy entries risk leaving open OAuth connections that could be exploited if the old credentials are compromised. Best practice is to migrate any still-active integrations to modern Connected Apps and remove all unused Remote Access entries.
How Organizations Use Remote Access
- DataSync Corp — DataSync's admin discovers two Remote Access entries from 2018 during a security audit. After confirming with IT that the associated applications were decommissioned, she removes the entries to close unnecessary OAuth access points. This simple cleanup eliminates two potential attack vectors that had been overlooked for years.
- Legacy Systems Inc. — Legacy Systems maintains a Remote Access entry for a critical payroll integration built in 2016. Rather than risk disrupting payroll, their admin documents the entry, monitors its API usage monthly, and schedules a migration to a modern Connected App during the next quarter's maintenance window. This balanced approach maintains operations while planning for modernization.
- SecureFirst Consulting — SecureFirst includes Remote Access review in their quarterly security audit checklist for all client orgs. During one audit, they discover a Remote Access entry whose consumer secret had been shared in an old email thread. They immediately revoke the entry, rotate credentials through a new Connected App, and implement a policy requiring all OAuth secrets to be stored in a secrets manager.