| Attribute |
Type |
Description |
| attributes |
sequence |
A custom attribute of the connected app. Represents the field names that make up a custom attribute when using SAML with a ConnectedApp. Tailor these values to a specific service provider. |
| formula |
string |
The value of the attribute. |
| key |
string |
The attribute's identifier. |
| canvasConfig |
sequence |
The configuration options of the connected app if it's exposed as a canvas app. |
| accessMethod |
string |
Indicates how the canvas app initiates the OAuth authentication flow. |
| canvasUrl |
string |
The URL of the third-party app that's exposed as a canvas app. |
| lifecycleClass |
string |
The name of the Canvas.CanvasLifecycleHandler Apex class. |
| locations |
string |
Indicates where the canvas app can appear to the user. |
| options |
string |
Indicates whether to hide the share button and header in the publisher for your canvas app, and whether the app is a canvas personal app. |
| samlInitiationMethod |
string |
If you're using SAML single sign-on (SSO), indicates which provider initiates the SSO flow. |
| contactEmail |
string |
Required. The email address Salesforce uses for contacting you or your support team. |
| contactPhone |
string |
The phone number for Salesforce to use to contact you. |
| description |
string |
An optional description for your app. |
| iconUrl |
string |
Reserved for future use. |
| infoUrl |
string |
An optional URL for a web page with more information about your app. |
| ipRanges |
list |
Specifies the ranges of IP addresses that can access the app without requiring the user to authenticate with the connected app. |
| description |
string |
Use this field to identify the purpose of the range, such as which part of a network corresponds to this range. |
| startAddress |
string |
The first address in the IP range, inclusive. |
| endAddress |
string |
The last address in the IP range, inclusive. |
| label |
string |
Required. The name of the app. |
| logoUrl |
string |
An optional logo for the app. The logo appears with the app's entry in the list of apps and on the consent page the user sees when authenticating. The URL must use HTTPS, and the logo can't be larger than 125 pixels high or 200 pixels wide. The default logo is a cloud. |
| mobileStartUrl |
string |
Users are directed to this URL after they've authenticated when the app is accessed from a mobile device. If you don't give a URL, the user is sent to the app's default start page after authentication completes. If the connected app that you're creating is a canvas app, then you can leave this field blank. The Canvas App URL field contains the URL that gets called for the connected app. |
| oauthConfig |
sequence |
Represents the field names that configure how your connected app communicates with Salesforce. |
| assetTokenConfig |
sequence |
Specifies an OAuth asset token configuration for the connected app OAuth settings. |
| assetAudiences |
string |
The audience claim associated with the asset token payload. This claim identifies who the JWT is intended for. |
| assetIncludeAttributes |
boolean |
If set to true (default setting), custom attributes associated with the connected app are included in the asset token payload. If set to false, these attributes aren't included. |
| assetIncludeCustomPerms |
boolean |
If set to true (default setting), custom permissions associated with the connected app are included in the asset token payload. If set to false, these permissions aren't included. |
| assetSigningCertId |
string |
The ID of the JWT certificate's signing secret. |
| assetValidityPeriod |
number |
The asset token's validity period. The validity must be the expiration time of the assertion within 3 minutes, expressed as the number of seconds from 1970-01-01T0:0:0Z measured in UTC. |
| callbackUrl |
string |
The endpoint that Salesforce calls back to your connected app during OAuth; it's the OAuth redirect_uri. |
| certificate |
string |
The PEM-encoded certificate string, if the app uses a certificate. |
| consumerKey |
string |
A value used by the consumer for identification to Salesforce. |
| consumerSecret |
string |
A value that is combined with the consumerKey and used by the consumer for identification to Salesforce. |
| idTokenConfig |
sequence |
Specifies the ID token configuration for the connected app OAuth settings. |
| idTokenAudience |
string |
The audiences that this ID token is intended for. |
| idTokenIncludeAttributes |
boolean |
Indicates whether attributes are included in the ID token. |
| idTokenIncludeCustomPerms |
boolean |
Indicates whether custom permissions are included in the ID token. |
| idTokenIncludeStandardClaims |
boolean |
Indicates whether standard claims about the authentication event are included in the ID token. |
| idTokenValidity |
number |
The length of time that the ID token is valid for after it's issued. The value can be from 1 to 720 minutes. The default is 2 minutes. |
| isAdminApproved |
boolean |
If set to false (default setting), anyone in the org can authorize the app. Users must approve the app the first time they access it. If set to true, only users with the appropriate profile or permission set can access the app. These users don't have to approve the app before they can access it. |
| isConsumerSecretOptional |
boolean |
If set to false (default setting), the connected app's client secret is required in exchange for an access token in the OAuth 2.0 web server flow. |
| isIntrospectAllTokens |
boolean |
If set to true, authorizes the connected app to introspect all access and refresh tokens within the entire org. If set to false (default), the connected app can introspect its own tokens. |
| isSecretRequiredForRefreshToken |
boolean |
If set to true (default), the app's client secret is required in the authorization request of a refresh token and hybrid refresh token flow. If set to false and an app sends the client secret in the authorization request, Salesforce still validates it. |
| scopes |
list |
A list of scopes associated with the connected app. The scopes refer to permissions given by the user running the connected app. |
| scope |
string |
The name of the scope. |
| singleLogoutUrl |
string |
The single logout endpoint. This URL is the endpoint where Salesforce sends a logout request when users log out of Salesforce. |
| oauthPolicy |
sequence |
Specifies Oauth access policies associated with your connected app. |
| ipRelaxation |
string |
Specifies whether a user's access to the connected app is restricted by IP ranges. |
| refreshTokenPolicy |
string |
Specifies how long a refresh token is valid for. |
| singleLogoutUri |
string |
If single logout is enabled, specify the single logout URL. |
| permissionSetName |
string |
Specifies the permissions required to perform different functions with the connected app. |
| plugin |
string |
The name of a custom Apex class that extends Auth.ConnectedAppPlugin to customize the behavior of the app. |
| pluginExecutionUser |
string |
Specifies the user to run the plugin as. |
| profileName |
string |
Specifies the profile (base-level user permissions) required to perform different functions with the connected app. |
| samlConfig |
sequence |
Specifies how an app uses single sign-on. |
| acsUrl |
string |
The assertion consumer service URL from the service provider. |
| certificate |
string |
The PEM-encoded certificate string, if the app uses a certificate. |
| entityUrl |
string |
The entity ID from your service provider. |
| encryptionCertificate |
string |
The name of the certificate to use for encrypting SAML assertions to the service provider. This certificate is saved in the organization's Certificate and Key Management list. |
| encryptionType |
string |
When Salesforce is the identity provider, the SAML configuration can specify the encryption method used for encrypting SAML assertions to the service provider. The service provider detects the encryption method in the SAML assertion for decryption. |
| issuer |
string |
A URI that sends the SAML response. A service provider can use this URI to determine which identity provider sent the response. |
| samlIdpSLOBinding |
string |
The SAML HTTP binding type from the service provider used for single logout. |
| samlNameIdFormat |
string |
Indicates the format the service provider (SP) requires for the user's single sign-on identifier. |
| samlSigningAlgoType |
string |
Indicates the signing algorithm applied to SAML requests and responses when Salesforce is the identity provider. |
| samlSloUrl |
string |
The SAML single-logout endpoint of the connected app service provider (SP). This endpoint is where SAML LogoutRequests and LogoutResponses are sent when users log out of Salesforce. The SP provides this endpoint. |
| samlSubjectCustomAttr |
string |
If the samlSubjectType is CustomAttr, include that custom value here; otherwise, leave empty. |
| samlSubjectType |
string |
The single sign-on identifier for the user. |
| sessionPolicy |
sequence |
Specifies the configuration options for a connected app's session policies. Use these policies to define how long a user's session can last before reauthenticating, to block user access to the connected app, or to require multi-factor authentication (MFA) to access the app. |
| policyAction |
string |
If the High Assurance session security level is applied to the connected app, specify associated high assurance action. |
| sessionLevel |
string |
Applies the High Assurance session security level to the connected app. This session level requires users to verify their identity with multi-factor authentication when they log in to the connected app. |
| sessionTimeout |
number |
The length of time the connected app's session lasts. |
| startUrl |
string |
If the app isn't accessed from a mobile device, users are directed to this URL after they've authenticated. |
| Attribute |
Type |
Description |
| complexity |
string |
The types of characters that must be used in a user's password. Valid values are NoRestriction, AlphaNumeric, SpecialCharacters, UpperLowerCaseNumeric, UpperLowerCaseNumericSpecialCharacters, Any3UpperLowerCaseNumericSpecialCharacters |
| expiration |
string |
The length of time until a user password expires and must be changed. Valid values are Never, ThirtyDays, SixtyDays, NinetyDays, SixMonths, OneYear |
| historyRestriction |
number |
The number of previous passwords saved for users so that they must always reset a new, unique password. Valid values are 0 through 24 passwords remembered. The maximum value of 24 applies to API version 31.0 and later. In earlier versions, the maximum value is 16. |
| lockoutInterval |
string |
The duration of the login lockout. Valid values are FifteenMinutes (this value is the default value), ThirtyMinutes, SixtyMinutes, Forever (must be reset by admin) |
| maxLoginAttempts |
string |
The number of login failures allowed for a user before the user is locked out. Valid values are NoLimit, ThreeAttempts, FiveAttempts, TenAttempts. This value is the default value. |
| minimumPasswordLength |
number |
The minimum number of characters required for a password. The number can contain from 5 to 50 characters (default is 8). Available in API version 35.0 and later. Before API version 35.0, specify minimum password length with the enumeration minPasswordLength, with valid values FiveCharacters, EightCharacters (default), TenCharacters, TwelveCharacters (API version 31.0 and later), and FifteenCharacters (API version 34.0 and later). |
| minimumPasswordLifetime |
boolean |
If enabled (true), passwords can't be changed more than one time during a 24-hour period. |
| obscureSecretAnswer |
boolean |
If enabled (true), hide answers to security questions as the user types. |
| questionRestriction |
string |
The restriction on whether the answer to the password hint question can contain the password itself. Valid values are None, DoesNotContainPassword |
| Attribute |
Type |
Description |
| allowUserAuthenticationByCertificate |
boolean |
If enabled (true), users can authenticate with a PEM-encoded X.509 digital certificate. Not enabled by default. Available in API version 47.0 and later. |
| canConfirmEmailChangeInLightningCommunities |
boolean |
When users change their email address, they receive an email at the new address with a link. After they click the link, their new email address takes effect. |
| canConfirmIdentityBySmsOnly |
boolean |
Prevents identity verification by email for users who have registered other verification methods, such as SMS or Salesforce Authenticator. If no other verification methods are configured, users are verified by email. By default, this setting is disabled (false) for existing orgs. For new orgs, this setting is enabled (true) by default. Available in API version 48.0 and later. |
| disableTimeoutWarning |
boolean |
Indicates whether the session timeout warning popup is disabled (true) or enabled (false). |
| enableCSPOnEmail |
boolean |
Indicates whether a content security policy is enabled for the email template. A content security policy helps prevent cross-site scripting attacks by listing allowed sources of images and other content. |
| enableCSRFOnGet |
boolean |
Indicates whether Cross-Site Request Forgery (CSRF) protection on GET requests on non-setup pages is enabled (true) or disabled (false). |
| enableCSRFOnPost |
boolean |
Indicates whether Cross-Site Request Forgery (CSRF) protection on POST requests on non-setup pages is enabled (true) or disabled (false). |
| enableCacheAndAutocomplete |
boolean |
Indicates whether the user's browser is allowed to store usernames and auto-fill the User Name field on the login page (true) or not (false). |
| enableClickjackNonsetupSFDC |
boolean |
Indicates whether clickjack protection for non-setup Salesforce pages is enabled (true) or disabled (false). |
| enableClickjackNonsetupUser |
boolean |
Indicates whether clickjack protection for customer Visualforce pages with standard headers turned on is enabled (true) or disabled (false). |
| enableClickjackNonsetupUserHeaderless |
boolean |
Indicates whether clickjack protection for customer Visualforce pages with standard headers turned off is enabled (true) or disabled (false). |
| enableClickjackSetup |
boolean |
Indicates whether clickjack protection for setup pages is enabled (true) or disabled (false). |
| enableContentSniffingProtection |
boolean |
Indicates if the browser is prevented from inferring the MIME type from the document content and from executing malicious files (JavaScript, Stylesheet) as dynamic content. This field is available in API version 39.0 and later. |
| enableLightningLogin |
boolean |
If enabled (true), users can use Lightning Login (Salesforce Authenticator) to log in instead of a password. Available in API Version 47.0 and later. |
| enableLightningLoginOnlyWithUserPerm |
boolean |
If enabled (true), only users with the Lightning Login User permission can log in with Salesforce Authenticator instead of a password. Available in API version 47.0 and later. |
| enableOauthCorsPolicy |
boolean |
If set to true, enables Cross-Origin Resource Sharing (CORS) for these OAuth endpoints: /services/oauth2/token /services/oauth2/revoke /services/oauth2/introspect Default setting is false. Available in API version 50.0 and later. |
| enablePostForSessions |
boolean |
Indicates whether cross-domain session information is exchanged using a POST request instead of a GET request, such as when a user is using a Visualforce page. In this context, POST requests are more secure than GET requests. Available in API version 31.0 and later. |
| enableSMSIdentity |
boolean |
If enabled (true), the default, users can receive a one-time password in a text message (SMS) to verify their identity. Users must verify their mobile phone number before they can receive SMS messages. |
| enableU2F |
boolean |
If enabled (true), users can use a physical U2F-compatible security key for multi-factor authentication (MFA) and identity verification. The default is false. Available in API version 47.0 and later. |
| enableXssProtection |
boolean |
Indicates if protection against reflected cross-site scripting attacks is enabled. If a reflected cross-site scripting attack is detected and XSS protection is enabled, the browser shows a blank page with no content. This field is available in API version 39.0 and later. |
| enforceIpRangesEveryRequest |
boolean |
If true, the IP addresses in Login IP Ranges are enforced when a user accesses Salesforce (on every page request), including access from a client app. If false, the IP addresses in Login IP Ranges are enforced only when a user logs in. This field affects all user profiles that have login IP restrictions. Available in API version 34.0 and later. |
| hasRetainedLoginHints |
boolean |
If you enable 'Remember me until logout' (true), usernames (login hints) are cached until the user logs out. If a session times out, usernames appear on the Switcher as inactive. If false (default), usernames aren't cached for SSO sessions. |
| hasUserSwitching |
boolean |
If 'Enable user switching' is true (default), users can log in to other orgs by selecting their profile picture and using the Switcher. You must also enable the 'Enable caching and autocomplete on login page' setting. If false, the Switcher isn't enabled and your org doesn't appear in Switchers on other orgs. |
| FileUploadAndDownloadSecurityRules |
list |
A list of rules representing the security settings for uploading and downloading files. |
| dispositions |
string |
Represents the metadata used to manage file type behavior. |
| noHtmlUploadAsAttachment |
boolean |
Indicates whether to allow HTML uploads as attachments or document records. |
| forceLogoutOnSessionTimeout |
boolean |
If enabled (true), the default, when sessions time out for inactive users, current sessions become invalid. The browser refreshes and returns to the login page. To access the organization, the user must log in again. |
| forceRelogin |
boolean |
If true, an admin who is logged in as another user must log in again to their original session, after logging out as the secondary user. If false, the admin isn't required to log in again. |
| identityConfirmationOnEmailChange |
boolean |
Indicates if a user's identity is confirmed when changing their email address, instead of requiring a re-login. This field is available in API version 42.0 and later. |
| identityConfirmationOnTwoFactorRegistrationEnabled |
boolean |
Indicates if users are required to confirm their identities when adding a verification method such as Salesforce Authenticator for multi-factor authentication (MFA), instead of requiring a re-login. (Multi-factor authentication was formerly called two-factor authentication.) This field is available in API version 40.0 and later. |
| lockSessionsToDomain |
boolean |
Indicates whether the current UI session for a user is associated with a specific domain. This check helps prevent unauthorized use of the session ID in another domain. The value is true by default for orgs created with the Spring '15 release or later. Available in API version 33.0 and later. |
| lockSessionsToIp |
boolean |
Indicates whether user sessions are locked to the IP address from which the user logged in (true) or not (false). |
| redirectionWarning |
boolean |
Indicates whether users see an alert when they click a link in a web tab that redirects them outside the saleforce.com domain. Available in API version 42.0 and later. |
| referrerPolicy |
boolean |
Indicates whether the referer header hides sensitive information that could be present in the full URL. If true, then the referer header displays only salesforce.com. If false, then the header displays the entire URL. For a Visualforce user, if referrerPolicy is set to true, then the referer header displays only force.com. If false, then the header displays the entire URL. Available in API version 42.0 and later. |
| requireHttpOnly |
boolean |
Sets the HttpOnly attribute on session cookies, making them inaccessible via JavaScript. If true, session ID cookie access is restricted. |
| sessionTimeout |
string |
The length of time after which users without activity are prompted to log out or continue working. Valid values are FifteenMinutes, ThirtyMinutes, SixtyMinutes, TwoHours, FourHours, EightHours, TwelveHours |
| Attribute |
Type |
Description |
| enableSecureGuestAccess |
boolean |
When true, guest users have organization-wide defaults set to Private. To share records with them, guest user sharing rules must be used. |
| deferGroupMembership |
boolean |
Indicates whether group membership calculations are suspended (true) or not (false). This field has a default value of false. This field is available in API version 49.0 and later. |
| deferSharingRules |
boolean |
Indicates whether sharing rule calculations are suspended (true) or not (false). This field has a default value of false. This field is available in API version 49.0 and later. |
| enableAccountRoleOptimization |
boolean |
Indicates whether person roles are assigned to new site users in accounts without existing users (true) or if regular site roles are created for new users (false). This field has a default value of false. |
| enableAssetSharing |
boolean |
Indicates whether sharing is enabled for assets (true) or asset access is determined by the parent object's sharing rules (false). This field has a default value of false. |
| enableCommunityUserVisibility |
boolean |
Indicates whether site users in the same site can see each other regardless of the organization-wide defaults (true) or not (false). This field has a default value of false. In orgs created in API version 47.0 and later, this setting doesn't apply to guest users. |
| enableManagerGroups |
boolean |
Indicates whether users can share records with their managers and manager subordinates groups (true) or not (false). This field has a default value of false. To use this field, you need the 'View and Manage Users' permission. |
| enableManualUserRecordSharing |
boolean |
Indicates whether users can share their own user record (true) or not (false). This field has a default value of false. |
| enablePartnerSuperUserAccess |
boolean |
Indicates whether you can grant super user access to partners in sites (true) or not (false). This field has a default value of false. To use this field, you need the 'Customize Application' permission. |
| enablePortalUserVisibility |
boolean |
Indicates whether portal users in the same customer or partner portal account can see each other regardless of the organization-wide defaults (true) or not (false). This field has a default value of false. To enable this field, contact Salesforce Support. |
| enableRemoveTMGroupMembership |
boolean |
Removes group membership info for the original territory management feature after migrating to Enterprise Territory Management when set to true. This field has a default value of false. Once this field is set to true, it can't be set to false again. |
| enableRestrictAccessLookupRecords |
boolean |
Indicates whether users must have read access to a record to see the record's name in lookup and system fields (true) or not (false). This field has a default value of true in Salesforce orgs created in Spring '20 or later and a default value of false in all other orgs. This field is available in API version 48.0 and later. |
| enableStandardReportVisibility |
boolean |
Indicates whether users can view reports based on standard report types that may expose data of users to whom they don't have access (true) or not (false). This field has a default value of false. |
| enableTerritoryForecastManager |
boolean |
Indicates whether forecast managers can act as delegated administrators for territories below them in the hierarchy (true) or not (false). This field has a default value of false. |
