Apex Aide

Migrating Connected Apps to External Client Apps from an ISV / External App Management Perspective

By Justus van den Berg · Justus van den Berg (Medium) · Advanced · Developer · 30 min read
Summary

This guide walks Salesforce professionals through migrating Connected Apps (CAs) to External Client Apps (ECAs) from the perspective of managing external applications, focusing on security enhancements due to recent tighter Salesforce policies. It explains the key differences between CAs and ECAs, the challenges around app installation and OAuth flows, and why packaging ECAs as managed packages is the secure and scalable approach for ISVs. The article provides detailed steps to create, package, test, and deploy ECAs, alongside DevOps best practices for managing keys, scopes, and namespaces, helping teams secure OAuth integrations and adapt to upcoming platform changes.

Takeaways
  • Package External Client Apps in managed packages for secure, scalable distribution.
  • Separate app configuration management from subscriber access controls using ECAs.
  • Use namespaces and MFA to protect security assets like ECAs and packaging orgs.
  • Plan and communicate key rotations, scope changes, and OAuth details proactively.
  • Treat ECAs as part of DevOps: keep them in source control and exclude secrets before commit.

A practical guide on how to migrate your Connected Apps when you are responsible for managing the actual external connecting app.

There is a lot going on in the world of Connected Apps (CAs). Recent phishing and vishing attacks have shown that companies have been pretty negligent about their CA security policies and user education. As a result, Salesforce is starting to make CA security a lot tighter by default, having them behave in a similar way to External Client Apps (ECAs). If you manage an external application, this is a perfect time to start thinking about migrating your CAs to ECAs. But where to begin? I would say: security and access, with everything that has happened in mind. But there are many different ways and possible configurations to approach this. In this “guide” I am going to migrate the Connected App for my application called “Pineapple Tools (PT)” and take you through my thinking, steps and requirements, and hopefully you can pick up something useful.

Security & Access Model

security · api-integration · external-client-app · salesforce · connected-apps