Manage connected app settings

Connected app settings define the authentication requirements and timeout settings for users to access the app. There are separate connected apps for Android and iOS.

  1. In Salesforce Lightning Experience, go to Setup > Apps > Connected Apps > Manage Connected Apps.

    In Salesforce Classic, go to Setup > Manage Apps > Connected Apps.

  2. Screenshot: manage connected apps

  3. In the list, find the Sage People Mobile Android and Sage People Mobile iOS apps. Complete the remaining steps for each app.

  4. Click Edit next to the app.

  5. Leave the Start URL and Mobile Start URL fields in the Basic Information section blank.

  6. Configure the following OAuth policy settings for the app, as required by your organization:

    Screenshot:configure OAuth policies

    Permitted Users: defines whether users may self-authorize or must be pre-approved by the administrator.

    • All users may self authorize: when signing in to the app with their credentials, users are asked to confirm that they allow the app to access their information.

    • Admin approved users are pre-authorized: Users who are pre-approved are not shown the Allow Access screen when signing in. In order to pre-approve users, you must allow access to the connected app in the user's permission set.

    • Note

      For information about enabling pre-authorization for users, see:

  7. IP Relaxation: defines how the organization's IP address restrictions are applied for access to the app. Typically, IP address restrictions are relaxed for use of the mobile app, to allow users to connect using different networks.

    • Enforce IP restrictions: enforces IP restrictions configured for the organization, such as IP ranges assigned to a user profile.

    • Enforce IP restrictions, but relax for refresh tokens: this option bypasses IP restrictions when the app uses a refresh tokens to request a new access token.

    • Relax IP restrictions for activated devices: bypasses IP restrictions when the user successfully completes identity verification if accessing the service from a new browser or device.

    • Relax IP restrictions: bypasses IP restrictions for the app.

    Refresh Token Policy: users are required to re-authenticate using their sign in credentials when the token expires. Typically set to 30 or 60 days, depending on your organization's policy.

  8. Set the session policy settings for the app, as required by your organization.

    • Timeout Value: defines how long an access token remains valid for an app session. When the access token expires, the app re-authenticates with the service in the background, as long as the refresh token is still valid. Set this according to your organization's security policy. If set to None, the timeout value defaults to the setting in the user profile. If the user profile does not have a setting, the organization's Session Settings are used.

    • High assurance session required: requires two-factor authentication when users sign in to the app. Recommended if you have two-factor authentication configured for your organization.

      Set the radio button to Raise the session level to high assurance.

      Screenshot: high assurance session required

  9. Select Save.
  10. If you have both Android and iOS users in your organization, ensure you have configured settings for both connected apps.