Wednesday, May 7, 2014

Salesforce1 and Connected Apps Update

As a follow-up to a previous post about connected apps, I wanted to share information about a change with Salesforce1 as of mid-March 2014.  If you are looking for a list of users who are accessing their data via Salesforce1, the Connected Apps detail page "View OAuth Usage" option is no longer the best place to get that information. 

Looking for Salesforce1 users, look in the login history.
Salesforce1, unlike other Connected Apps (Workbench, AppExchange, etc.) removes users from the OAuth Usage list when their refresh token is revoked.  This token allows users to remain logged in to a Connected App without repeatedly providing their credentials.  Settings allow administrators to set a time for revoking the token if users should not remain logged infinitely.  When the user logs out, the access token is also revoked.

For the Connected Apps detail page, Salesforce1 users who have logged out and have no access token may not appear in the list.  The only users that will appear are those who remain logged in via their mobile devices.

You can still find out which of your users are accessing data via Salesforce1 on their mobile devices, though.  Instead of using the Connected Apps list, export the login history for your users and sort based on Application to find all of the "Salesforce1 for iOS" entries.  (Note that sorting on the Application without exporting may not group the data.)

To revoke access for users, rather than going through the "View OAuth Usage" option, you will need to make changes to the Connected Apps detail page.  In that case, you may want to change settings for user authorization and/or the refresh token.