A Complete Guide to New Salesforce Connected Apps Security Requirements

Learn how Salesforce is blocking social engineering attacks through new connected app security requirements.

Recent breaches at Jaguar Land Rover and the SalesLoft Drift OAuth token compromise affecting 700+ organizations exposed how attackers abuse Salesforce connected apps through social engineering. In this Salesforce Security Office Hours session, Tom Bassett, Senior Solution Architect at Vera Solutions and 2025 Salesforce MVP, shows how attackers gained unauthorized access with nothing more than a client ID and a My Domain URL via the vulnerable OAuth device flow, and what Salesforce has done to stop them.

Salesforce has removed device flow from Data Loader and the CLI, now requires a connected app to be installed before users can connect to it, and has restricted installation permissions to system administrators. Tom demonstrates how to audit your connected apps, block unrecognized integrations, and change the dangerous “All users may self-authorize” default to admin-approved access granted through permission sets. Hosted by Matt Meyers, CTA and Co-Founder/CEO of EzProtect, the session provides actionable steps for implementing least privilege with dedicated integration users and securing your org against costly connected app exposures.
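Two SOQL queries a practitioner could run (from the Developer Console, Workbench or the sf CLI) to start the audit the session describes, added here as an example and not taken from the session or from EzProtect; the object and field names (`ConnectedApplication`, `OptionsAllowAdminApprovedUsersOnly`, `OauthToken`) are assumed from Salesforce's standard object reference and should be confirmed against your org before use.

```sql
-- Added example (not from the session): SOQL audit queries for connected apps.
-- Assumption: the standard ConnectedApplication and OauthToken objects are
-- queryable in this org with the field names below; verify in Object Manager.

-- 1. Connected apps still on the "All users may self-authorize" default,
--    i.e. apps that any user could connect to without admin approval.
SELECT Name, OptionsAllowAdminApprovedUsersOnly, CreatedDate, LastModifiedDate
FROM ConnectedApplication
WHERE OptionsAllowAdminApprovedUsersOnly = false
ORDER BY Name

-- 2. Which users hold OAuth tokens for which apps, to spot unrecognized
--    integrations and interactive users holding tokens that belong on a
--    dedicated integration user under least privilege.
SELECT AppName, User.Username, User.Profile.Name, LastUsedDate, UseCount
FROM OauthToken
ORDER BY AppName, LastUsedDate DESC NULLS LAST
```

Any app returned by the first query that is not on your approved list is a candidate for blocking; any token in the second query held by a human user for an integration app is a candidate for reassignment to a dedicated integration user.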

© 2025 EzProtect. All rights reserved.