US English (US)
ES Spanish

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Log in
English (US)
US English (US)
ES Spanish
  • Home
  • Help & Support
  • Support
  • Support FAQs
  • FAQ: Salesforce

Salesforce Connected App Enforcement

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • RIO Certification
    RIO Certification Program RIO Academy RIO Challenge RIO Recipe Training
  • Releases
    V3 Release Notes V4 Release Notes
  • Help & Support
    Install RIO Education RIO Insights RIO Recipe Support RIO Graduate/Intern Program Trainee (GPT)
  • Experience RIO in action
+ More

Table of Contents

What has Salesforce changed regarding Connected App access? When does RIO Education use Connected Apps? 1. Automated Installer - install.rioeducation.com 2. Customer-specific integration solutions What issues will users encounter? Who is affected? How do I resolve the installer access issue? Option 1 (Preferred): Perform installation using a System Administrator Option 2: Grant the necessary permissions temporarily Does this affect customer-specific integrations? Need assistance?

What has Salesforce changed regarding Connected App access?

Starting in September 2025, Salesforce has enhanced enforcement rules that restrict access to uninstalled connected apps. If a user attempts to authenticate via a connected app that is not installed in the org, Salesforce will deny access unless that user has specific permissions.

The two permissions that bypass this enforcement are:

  • Approve Uninstalled Connected Apps
  • Use Any API Client

This enforcement applies across Salesforce environments and has been rolled out automatically by Salesforce.

 

When does RIO Education use Connected Apps?

RIO Education uses Connected Apps in two scenarios:

1. Automated Installer - install.rioeducation.com

The RIO Education installer uses a Salesforce Connected App for OAuth authentication.

2. Customer-specific integration solutions

For some projects, the RIO Integration team sets up customer-specific Connected Apps.
These Connected Apps:

  • are created directly in the customer org,
  • include defined scopes and permissions,
  • and are owned and managed by the customer.

When a Connected App is properly installed, this enforcement has NO impact, because it is not considered an uninstalled Connected App.

 

What issues will users encounter?

The enforcement only affects access to uninstalled (external) Connected Apps, including the installer.

Users without appropriate permission may see errors such as:

  • Access to uninstalled connected app is denied.
  • Your admin must approve access to this connected app.

These are referenced in Salesforce support documentation.

 

Who is affected?

The following users may be blocked:

  • Users performing installation using a non-admin profile
  • Users without Connected App access permissions
  • Users launching the installer for the first time

The following users will not be affected:

  • System Administrators
  • Users assigned either of the required permissions
  • Users accessing customer-installed Connected Apps
  • API integrations authenticated using installed Connected Apps

 

How do I resolve the installer access issue?

Option 1 (Preferred): Perform installation using a System Administrator

This is the simplest approach.

System Administrators typically already include:

  • Approve Uninstalled Connected Apps
  • Use Any API Client

Option 2: Grant the necessary permissions temporarily

Assign to the installing user:

  • Approve Uninstalled Connected Apps
  • Use Any API Client

Steps:

  1. Go to Setup
  2. Navigate to:
    1. Profiles, OR
    2. Permission Sets
  3. Search for each permission by name
  4. Enable them
  5. Retry the installation

After installation is complete, these permissions can be revoked.

 

Does this affect customer-specific integrations?

No - provided the Connected App is setup within the customer org.

When RIO Integration delivers a connected app, it is:

  • created inside the customer Salesforce org,
  • configured with correct OAuth scopes,
  • assigned to relevant profiles or permission sets.

Therefore, Salesforce no longer classifies it as uninstalled, meaning enforcement rules do not apply.

The enforcement only impacts external apps that have not been explicitly installed, such as the RIO installer.

 

Need assistance?

Contact us at support@wdcigroup.net.

Please provide:

  • Org ID
  • Grant login access 
  • Screenshot of error message

Our support team will assist accordingly.

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Integration: RIO Connect
  • RIO Connect Overview
  • How do I grant Login Access to the RIO Team
RIO Education

RIO Education, a WDCi Company. This information is proprietary, confidential and protected by copyright ©2024.

CONTACT

Get in touch

  • Privacy
  • Terms of service

Knowledge Base Software powered by Helpjuice

Definition by Author

0
0
Expand