How to Defend Your Domain Without Cutting Off Your Allies
If Salesforce were a castle, Connected Apps are the drawbridges: essential for business, diplomacy, and collaboration, but also how intruders sneak in when the guards grow too trusting and complacent. In response to a series of voice-phishing and OAuth-abusing attacks, Salesforce is officially shoring up gates and lowering the portcullis.
This isn’t another routine release note. It’s a full-scale security shift that redefines how integrations are approved, monitored, and trusted.
In this post you’ll find:
- The scam that breached the gates
- What’s changing for Connected Apps
- What your next steps should be
- How The CRM Firm can help shore up your defenses
The Threat: When Trust Became the Attack Vector
Every great breach begins with misplaced trust. Starting in mid-2025, attackers disguised themselves as friendly messengers, calling employees and persuading them to install counterfeit Salesforce tools such as Data Loader look-alikes bearing forged crests. Once launched, these impostors requested OAuth access, and unsuspecting users, thinking they were legitimate allies, clicked “Allow.” The result: attackers were handed the keys to the kingdom.
Key Points
- The breach was not a Salesforce vulnerability; it was social engineering, a lapse in human vigilance rather than a flaw in the platform.
- Companies both small and large were hit by similar tactics, including Google.
- Attackers favored the low-visibility OAuth 2.0 device flow to avoid detection.
- Salesforce’s response: raise the drawbridge and lower the portcullis. Connected Apps now face stricter approval, closer scrutiny, and a mindset shift toward zero trust.
What’s Changing: The Connected App Clean-Up
Blocking "Uninstalled Apps"
What It Means:
- Users can no longer authorize apps that are not officially installed.
Why It Matters:
- Prevents rogue or cloned tools from using OAuth backdoors.
Installed Apps Remain Active
What It Means:
- Existing installed apps continue to function.
Why It Matters:
- Still, review their configurations and tighten policies.
Ending the Device Flow
What It Means:
- OAuth 2.0 Device Flow is being blocked.
Why It Matters:
- Automation scripts and CLIs must move to safer login methods.
Enhanced Oversight
What It Means:
- Expanded visibility into app usage and user activity.
Why It Matters:
- Allows you to identify suspicious behavior before it becomes a problem.
New Bypass Permissions
What It Means:
- Two new permissions: Approve Uninstalled Apps and Use Any API Client.
Why It Matters:
- Grant them only to a small set of trusted admins; both are high-privilege permissions that bypass the new controls.
API Access Control
What It Means:
- You can now allowlist approved Connected Apps.
Why It Matters:
- Ensures that APIs only respond to authorized clients.
In short, Salesforce is shifting from “trust, but verify” to “verify before trusting”: measure twice, cut once, if you like.
What You Should Do: A Practical Battle Plan
Preparation: Rally Your Troops
Communicate the importance of these changes to IT, Security, and DevOps teams. Define and establish a process for requesting, approving, and installing new Connected Apps.
Step 1: Scout the Field (Audit Existing Apps)
Use Connected Apps OAuth Usage in Setup, or query the OAuthToken object via SOQL, to see which apps are authorized, by whom, and when they were last used.
Watch for:
- Apps with many users, but no clear owner.
- Unused or Duplicate apps and integrations.
- Apps of unknown origin or source.
Step 2: Identify Friends from Foes (Classify & Clean Up)
- Trusted & Essential: Keep and secure these.
- Untrusted or Unknown: Revoke access immediately.
- Redundant or Legacy: Retire gracefully after testing their dependencies.
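The audit and triage in Steps 1 and 2 can be scripted. The block below is an added example, not code from the original post or from Salesforce: it runs the SOQL you would issue against the OAuthToken object (the field names are real), groups the returned tokens by app, and flags the three warning signs listed above plus one more, an app whose name is a near-copy of an approved app, which is how the counterfeit Data Loaders got their foothold. The token records, the owner inventory and the fixed "now" timestamp are constructed sample data so the script runs offline; in practice you would feed it the JSON returned by the REST query endpoint.

```python
"""Inventory and triage Connected App OAuth tokens (added example).

The SOQL uses real OAuthToken fields. SAMPLE_TOKENS, APP_OWNERS and NOW are
constructed stand-ins for a live query result and your own app inventory.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from difflib import SequenceMatcher

# Query you would run against the org; Setup > Connected Apps OAuth Usage
# shows the same data in the UI.
OAUTH_TOKEN_SOQL = (
    "SELECT AppName, UserId, CreatedDate, LastUsedDate, UseCount "
    "FROM OAuthToken ORDER BY AppName"
)

# Hypothetical inventory: approved app name -> accountable owner.
# Anything not listed here is unowned until someone claims it.
APP_OWNERS = {
    "Salesforce Data Loader": "Data Platform team",
    "Slack": "IT Collaboration",
}

# Fixed reference time so the stale check is reproducible.
NOW = datetime(2025, 11, 1, tzinfo=timezone.utc)

# Constructed records in the shape the REST query endpoint returns.
SAMPLE_TOKENS = [
    {"AppName": "Salesforce Data Loader", "UserId": "005A1", "LastUsedDate": "2025-10-28T09:12:00.000+0000", "UseCount": 412},
    {"AppName": "Salesforce Data Loader", "UserId": "005A2", "LastUsedDate": "2025-10-30T14:01:00.000+0000", "UseCount": 17},
    {"AppName": "Slack", "UserId": "005A3", "LastUsedDate": "2025-10-31T08:00:00.000+0000", "UseCount": 900},
    {"AppName": "Data Loader", "UserId": "005A4", "LastUsedDate": "2025-10-29T11:45:00.000+0000", "UseCount": 3},
    {"AppName": "Data Loader", "UserId": "005A5", "LastUsedDate": "2025-10-29T11:50:00.000+0000", "UseCount": 2},
    {"AppName": "Data Loader", "UserId": "005A6", "LastUsedDate": "2025-10-29T12:02:00.000+0000", "UseCount": 1},
    {"AppName": "Legacy ETL Bridge", "UserId": "005A7", "LastUsedDate": "2024-12-02T03:00:00.000+0000", "UseCount": 5000},
]


def parse_sf_datetime(value):
    """Parse the Salesforce API timestamp format, e.g. 2025-10-28T09:12:00.000+0000."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def looks_like(candidate, known, threshold=0.8):
    """True when a name is a near-copy of an approved app's name."""
    a, b = candidate.lower(), known.lower()
    if a == b:
        return False
    return a in b or b in a or SequenceMatcher(None, a, b).ratio() >= threshold


def triage(tokens, owners, now, stale_days=90, crowd_threshold=3):
    """Group tokens by app and attach audit flags to each app."""
    by_app = defaultdict(lambda: {"users": set(), "last_used": None})
    for tok in tokens:
        entry = by_app[tok["AppName"]]
        entry["users"].add(tok["UserId"])
        used = parse_sf_datetime(tok["LastUsedDate"]) if tok.get("LastUsedDate") else None
        if used and (entry["last_used"] is None or used > entry["last_used"]):
            entry["last_used"] = used

    report = {}
    for app, entry in by_app.items():
        flags = []
        owner = owners.get(app)
        if owner is None:
            flags.append("no_owner")
            if len(entry["users"]) >= crowd_threshold:
                flags.append("many_users_no_owner")   # many users, nobody accountable
            for known in owners:                      # clone of an approved app?
                if looks_like(app, known):
                    flags.append(f"lookalike_of:{known}")
                    break
        if entry["last_used"] is None or now - entry["last_used"] > timedelta(days=stale_days):
            flags.append("stale")                     # unused beyond the retention window
        report[app] = {"owner": owner, "users": len(entry["users"]),
                       "last_used": entry["last_used"], "flags": flags}
    return report


def recommend(flags):
    """Map audit flags onto the Step 2 buckets."""
    if any(f.startswith("lookalike_of:") for f in flags) or "many_users_no_owner" in flags:
        return "revoke"   # untrusted or unknown: cut access immediately
    if "stale" in flags:
        return "retire"   # redundant or legacy: test dependencies, then remove
    if "no_owner" in flags:
        return "review"   # find an owner before deciding
    return "keep"         # trusted and essential: keep and harden


if __name__ == "__main__":
    for app, info in triage(SAMPLE_TOKENS, APP_OWNERS, NOW).items():
        print(f"{app:24} users={info['users']:2} owner={info['owner'] or '-':20} "
              f"flags={info['flags']} -> {recommend(info['flags'])}")
```

The look-alike check deliberately treats containment ("Data Loader" inside "Salesforce Data Loader") as a match, because a similarity ratio alone misses short clone names; tune the thresholds to your own inventory before acting on the "revoke" bucket.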
Step 3: Reinforce Defenses (Harden App Policies)
- Under Manage Connected Apps, change user access to “Admin approved users are pre-authorized.”
- Restrict access with permission sets or profiles, set timeouts, limit IP ranges, and require MFA where possible.
Step 4: Upgrade the Guard Tower (Enable API Access Control)
- Work with Salesforce Support to activate API Access Control.
- Only approved Connected Apps should access your APIs, and all changes should be tested in a sandbox first.
Step 5: Upgrade the Armory (Update Data Loader & Related Utilities)
- With the device flow being removed, migrate to the OAuth 2.0 web server flow (browser-based login) or, for the Data Loader CLI, its encrypted-password configuration.
- Always use officially installed or organization-approved tools, not unverified versions from outside sources.
Step 6: Keep Watch (Monitor and Educate)
- Review your logs and audit trails regularly.
- Train users to verify app legitimacy before clicking “Approve.”
- Repeat this process periodically to maintain a secure environment.
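"Review your logs regularly" is easier to sustain when the review is automated. The block below is an added example, not code from the original post or from Salesforce, of a detection pass over LoginHistory records: it raises an alert for a successful OAuth login from any Connected App that is not on your approved list, for an approved app used from outside your allowed network ranges (the IP restriction from Step 3), and for the campaign's signature pattern, several different users authorizing the same unknown app within a short window. The LoginHistory field names are real; the assumption that OAuth 2.0 logins carry a LoginType beginning with "Remote Access" is mine, and the login rows, approved list and network ranges are constructed sample data.

```python
"""Flag suspicious Connected App logins from LoginHistory (added example).

Field names match the LoginHistory object. The "Remote Access" LoginType
prefix for OAuth logins is an assumption; SAMPLE_LOGINS, APPROVED_APPS and
ALLOWED_SOURCE_NETS are constructed sample data.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Query you would schedule against the org, e.g. once an hour.
LOGIN_HISTORY_SOQL = (
    "SELECT UserId, LoginTime, LoginType, Application, Status, SourceIp "
    "FROM LoginHistory WHERE LoginTime = LAST_N_DAYS:1 ORDER BY LoginTime"
)

# Hypothetical allowlist: the Connected Apps you installed and approved.
APPROVED_APPS = {"Salesforce Data Loader", "Nightly ETL Job"}

# Hypothetical corporate ranges that approved integrations are expected to use.
ALLOWED_SOURCE_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed rows in the shape the REST query endpoint returns.
SAMPLE_LOGINS = [
    {"UserId": "005A1", "LoginTime": "2025-11-01T08:00:00.000+0000", "LoginType": "Remote Access 2.0",
     "Application": "Salesforce Data Loader", "Status": "Success", "SourceIp": "10.20.30.40"},
    {"UserId": "005A2", "LoginTime": "2025-11-01T08:05:00.000+0000", "LoginType": "Remote Access 2.0",
     "Application": "Nightly ETL Job", "Status": "Success", "SourceIp": "203.0.113.7"},
    {"UserId": "005A4", "LoginTime": "2025-11-01T09:00:00.000+0000", "LoginType": "Remote Access 2.0",
     "Application": "Data Loader", "Status": "Success", "SourceIp": "198.51.100.10"},
    {"UserId": "005A5", "LoginTime": "2025-11-01T09:20:00.000+0000", "LoginType": "Remote Access 2.0",
     "Application": "Data Loader", "Status": "Success", "SourceIp": "198.51.100.10"},
    {"UserId": "005A6", "LoginTime": "2025-11-01T09:40:00.000+0000", "LoginType": "Remote Access 2.0",
     "Application": "Data Loader", "Status": "Success", "SourceIp": "198.51.100.11"},
    {"UserId": "005A7", "LoginTime": "2025-11-01T09:41:00.000+0000", "LoginType": "Remote Access 2.0",
     "Application": "Data Loader", "Status": "Failed: Invalid Password", "SourceIp": "198.51.100.11"},
    {"UserId": "005A8", "LoginTime": "2025-11-01T09:50:00.000+0000", "LoginType": "Application",
     "Application": "Browser", "Status": "Success", "SourceIp": "203.0.113.9"},
]


def parse_sf_datetime(value):
    """Parse the Salesforce API timestamp format."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def detect(logins, approved_apps, allowed_nets, window=timedelta(hours=1), burst=3):
    """Return a list of (kind, app, detail) alerts for the given LoginHistory rows."""
    alerts = []
    unknown_events = defaultdict(list)   # app -> [(time, user)] for unapproved apps

    for row in logins:
        # Only successful OAuth logins matter here; browser logins and failures are skipped.
        if row["Status"] != "Success" or not row["LoginType"].startswith("Remote Access"):
            continue
        app = row["Application"]
        when = parse_sf_datetime(row["LoginTime"])
        source = ipaddress.ip_address(row["SourceIp"])

        if app not in approved_apps:
            alerts.append(("unapproved_app", app, row["UserId"]))
            unknown_events[app].append((when, row["UserId"]))
        elif not any(source in net for net in allowed_nets):
            alerts.append(("offnetwork_source", app, row["UserId"]))

    # Several distinct users authorizing the same unknown app inside one window
    # is the vishing campaign's fingerprint, not a one-off mistake.
    for app, events in unknown_events.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {user for when, user in events[i:] if when - start <= window}
            if len(users) >= burst:
                alerts.append(("burst_authorization", app, len(users)))
                break
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGINS, APPROVED_APPS, ALLOWED_SOURCE_NETS):
        print(alert)
```

Once API Access Control is enabled, unapproved apps cannot obtain tokens at all, so the "unapproved_app" alert becomes a signal that someone with the bypass permissions approved something outside your process; keep the rule running for exactly that reason.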
How Can The CRM Firm Help?
At The CRM Firm, we help clients strengthen security without slowing productivity. Our support includes:
- Connected App Inventory & Risk Assessment: We’ll map your integrations and flag weak points in your defenses.
- Governance Framework Design: Define who may request, approve, or retire apps to maintain a clear chain of command.
- Policy Hardening & Configuration: Establish guardrails, including MFA, IP restrictions, and access tiers that fit your org.
- Sandbox Testing & Cutover Support: Test security measures safely before marching into production.
- User Training & Communication: Arm your people with the knowledge to spot social engineering tricks before the trap is sprung.
- Ongoing Monitoring & Health Checks: Maintain vigilance with recurring security reviews and alerts.
In Closing
This isn’t just a security patch; it’s a campaign to modernize your defenses. Attackers today rarely batter down walls by breaching your code. They slip through gates left ajar, exploiting your trust and your appetite for convenience.
Moving toward a model of “approve and monitor” rather than “permit by default” is a critical evolution in security culture. The transition may feel inconvenient at first, but it will ultimately transform your instance from a vulnerable castle into a mighty fortress, reducing your exposure and strengthening your defenses.
If you are ready to secure your Salesforce stronghold, we are here to help, from the first audit to the final line of defense. Together we can ensure your gates stay strong, your allies trusted, and your realm protected.