Manage connected app settings

Connected app settings define the authentication requirements and timeout settings for users to access the Sage People app. There are separate connected apps for Android and iOS.

  1. In Salesforce Lightning Experience, go to Setup then Apps. Click Connected Apps and select Manage Connected Apps.

    In Salesforce Classic, go to Setup, click Manage Apps then select Connected Apps.

    2. Screenshot: manage connected apps

  2. In the list, find the Sage People Mobile Android and Sage People Mobile iOS apps. Complete the remaining steps for each app.

  3. Click Edit next to the app.

  4. Leave the Start URL and Mobile Start URL fields in the Basic Information section blank.

  5. Configure the following OAuth policy settings for the app, as required by your organization.

    Screenshot:configure OAuth policies

    • Permitted Users: defines whether users can self-authorize or if the administrator needs to pre-approve them

    • All users may self authorize: users need to confirm they allow the app to access their information. They're asked when signing in to the app with their credentials

    • Admin approved users are pre-authorized: Users who are pre-approved don't see the Allow Access screen when signing in. To pre-approve users, allow access to the connected app in the user's permission set

      • Note

      For information about enabling pre-authorization for users, see:

    • IP Relaxation: defines how you want to apply the organization's IP address restrictions for access to the app. Typically, organizations relax IP address restrictions for use of the mobile app. This allows users to connect using different networks

    • Enforce IP restrictions: enforces IP restrictions you configured for the organization. For example, the IP ranges you assigned to a user profile

    • Enforce IP restrictions, but relax for refresh tokens: this option bypasses IP restrictions when the app uses refresh tokens to request a new access token

    • Relax IP restrictions for activated devices: bypasses IP restrictions when the user successfully completes identity verification. This is if they're accessing the service from a new browser or device

    • Relax IP restrictions: bypasses IP restrictions for the app

    • Refresh Token Policy: users need to re-authenticate using their sign-in credentials when the token expires. Typically set to 30 or 60 days, depending on your organization's policy

  6. Set the session policy settings for the app, as required by your organization.

    • Timeout Value: defines how long an access token remains valid for an app session. When the access token expires, the app re-authenticates with the service in the background. This is as long as the refresh token is still valid. Set this according to your organization's security policy. If set to None, the timeout value defaults to the setting in the user profile. If the user profile doesn't have a setting, the system uses the organization's Session Settings

    • High assurance session required: requires 2-factor authentication when users sign in to the app. Recommended if you have configured 2-factor authentication for your organization

      Set the radio button to Raise the session level to high assurance

      Screenshot: high assurance session required

  7. Select Save.
  8. If you have both Android and iOS users in your organization, ensure you've configured settings for both connected apps.