API Access Control & FX Connected Apps

Introduction

As an admin, you can manage OAuth connected apps in use in your org. You can install apps to manage policies and block apps to prevent new sessions with the connected app. Additionally, you can block to end all current user sessions with the connected app.

Step-by-Step Guides

First you need to request API access, then you can enable API access control, Install FX Connected Apps and Edit Policies, Restrict API Access, Add a New Permission Set, and finally Add Permission Set to Users.

Request API Access (for Admins)

  1. Before you can remove a user’s access to APIs, you must contact Salesforce Customer Support and request access control to the API. See Salesforce Help: Manage API Access.

    The admin making the request receives two emails:

    • When the request is made

    • When the request is resolved

  2. To verify that you have API Access Control,

    1. Enter api in the Quick Find Search box.

      If you have access, you will see in the left nav:

      API Search results in left nav

  3. At the API Access Control Settings screen, make sure the Allow Visualforce pages to access APIs checkbox is selected. If not, select it to enable.

Enable API Access Control

Once that is granted, follow these steps:

  1. In FieldFX Back Office, enter Setup.

  2. Use the Quick Find box, enter OAuth.

  3. Select Connected Apps OAuth Usage under Apps > Connected Apps.

  4. Continue with Install FX Connected Apps and Edit Policies.

Install FX Connected Apps and Edit Policies

  1. At the list of FX Connect Apps, click Install next to the app.

    When the app is installed, Install changes to Uninstall.

  2. At the prompt from Salesforce "Install connected app?", click Install.

    When you have the connected app page after clicking Install, there is a Edit Policies button.

    The screen refreshes to show the page for the connected app you had installed.

  3. To edit the policies for the connected app, click Manage App Policies.

    The screen has editable fields.

  4. In the OAuth Policies section,

    1. Set the values for these fields:

      Field Name Description / Action

      Permitted Users
      (Required)

      Do Not Change from "All users may self-authorize" for now.

      When you add the permission set to a user, change this to "Admin approved users are pre-approved".

      IP Relaxation
      (Required)

      Do Not Change from "Enforce IP restrictions"

      Enable Single Logout
      Checkbox
      (Required)

      Do Not Change from the URL shown.

      Refresh Token Policy
      (Required)

      Do Not Change from "Refresh token is valid until revoked"

  5. Click Save.

  6. Open the Connected app permission set and navigate down to Permission Sets section.

    Since you changed the setting when managing the policies of the connected app and changing the permitted users to "Admin approved users are pre-approved," the Manage Permission Sets button appears. This is needed to Add Permission Set to Users.

  7. After all the needed FX Connected Apps are installed, continue to Restrict API Access.

For more information,

Restrict API Access

  1. Follow the steps in Salesforce Help: Restrict Access to APIs with Connected Apps.

  2. Continue with Add a New Permission Set.

Add a New Permission Set

Once you have added the FX Connected Apps, you need to add the connected app to a Permission Set.

  1. Use the Quick Find box in Setup and enter Perm.

  2. Select Permission Sets under Administer > Manage Users.

  3. Create a new permission set for each connected app that you added in Install FX Connected Apps and Edit Policies by following the steps in Add a new Permission Set.

    1. Customize the permission set as follows:

      Steps Field Description / Action

      1. Enter New View

      View Name

      Name the permission set FX Login Connected App.

      2. Specify Filter Criteria

      Enter any needed filter criteria.

      To add more criteria, click Add Row and complete the filter specifics

      3. Select Columns to Display

      Search

      You don’t need to search for any columns.

      Available Settings

      In the Selected Settings box, leave "Permission Set Label".

  4. Click Save.

  5. Continue with Add Permission Set to Users.

Add Permission Set to Users

  1. Now you can add that new permission set to users by following the steps in Assign a Permission Set to Users.

  2. In the FX Connected app, scroll down to the Permission Set section and click Manage Permission Sets.

  3. At the Application Permission Set Assignment screen,

    1. Select the permission sets for FX Connected Apps for each of the connected apps that are installed to the user’s profile.

    2. Click Save.

  4. Repeat these steps for all the FX Connected Apps you have installed.

Recommended Reading