Connected App

A Salesforce Connected App is a framework by which third party applications can integrate with Salesforce in a trusted fashion. A properly installed Connected App is necessary for GRAX to utilize your Integration User and for end-users to use Single Sign On to access GRAX. Additionally, Connected App settings can be customized to restrict access to GRAX or make it more seamless.

Changes to Connected Apps (September 2025)

Installing the Connected App

The GRAX OAuth connected app will be added to your org by default the first time it is used, but will not be installed automatically in all cases; it must be installed for users to make use of it. To view the connected apps that exist in your org as well as if they're installed, open the "Connected Apps OAuth Usage" page in setup.

If your table shows the "Install" action for "GRAX OAuth" and is missing the "Managed App Policies" link as shown above, the Connected App is not installed. To install it, click "Install". You will be asked to confirm the installation:

Once the app is installed, you will see "Uninstall" as an available action instead of "Install", as shown below:

Customizing the Connected App

By clicking the "Managed App Policies" option in the "Connected Apps OAuth Usage" menu, administrators can modify the behavior of the connected app, the sessions associated with it, and the ability of users in the org to utilize the app. The option will not appear if the app is not installed.

GRAX is not compatible with all possible options, and not all possible options have an effect on GRAX. Meaningful settings and their impact are broken out below.

Setting
Value
Impact

Permitted Users

All users may self-authorize

All users in the org may SSO via the connected app, but will be individually asked for their consent and authorization of the app and associated scopes. This can interfere with use of the LWCs if users have never logged into GRAX before.

Admin approved users are pre-authorized

Users must be pre-approved based on assigned profile by an administrator, but will not need to individually consent to and authorize the app and associated scopes. This can make the LWC and SSO experience more seamless, but may be more of a burden to manage. Enabling this option will immediately prevent all users in the org from using the app, regardless of whether they have authorized it previously. They must be authorized by profile before they can use the app again.

IP Relaxation

Enforce IP restrictions

Login requests using this connected app must come from one of the IPs configured within the user's "Login IP Ranges". If no ranges are configured for the user, this has no effect.

Relax IP Restrictions

Login requests using this connected app are allowed regardless of the configured "Login IP Ranges" for a user.

Refresh Token Policy

Refresh token is valid until revoked

This is the only supported value. GRAX will perpetually refresh the integration user connection until the refresh token is revoked by any means.

Last updated

Was this helpful?