How to Ensure Dataimporter Works with Salesforce's New "Approve Uninstalled Connected Apps" Security Update

What Is Changing in Salesforce?

‍

Starting September 2025, Salesforce will begin enforcing a new policy that blocks users from authorizing uninstalled connected apps unless special permissions are granted. These are apps that were authorized via OAuth but never formally installed by an admin.

This update is designed to:

• Reduce exposure to phishing and social engineering attacks.
• Ensure only vetted, admin-approved apps are used to access org data.
• Align with more robust OAuth client management practices.

‍

How Does This Affect Dataimporter?

Dataimporter uses a Salesforce connected app to authenticate and perform migrations or integrations. If that connected app is not formally installed in your org, new users or new authorizations may fail after this change.

Admins must either install the connected app or grant the necessary user permissions to allow access.

‍

Step-by-Step: What You Need to Do

1. Check If the Dataimporter Connected App Is Installed

Go to Setup > Connected Apps OAuth Usage in Salesforce.

• If you see an Install button next to the Dataimporter app, it means the app is currently uninstalled.
• If it says Uninstall, the app is already installed and no immediate action is needed.

2. Install the Connected App (If Needed)

Installing the app ensures it is fully managed and avoids future authorization issues.

To install:

• In Connected Apps OAuth Usage, click Install next to the Dataimporter app.
• After installation, go to Manage Connected Apps.
• Set Permitted Users to "Admin approved users are pre-authorized".
• Assign access via profiles or permission sets as needed.

3. Grant Required Permissions for First-Time Use

If the app is still uninstalled and you need to authorize it:

• Assign the Approve Uninstalled Connected Apps permission to the user doing the authorization.
• If your org has API Access Control enabled, you must instead assign Use Any API Client.

Tip: Most System Administrator profiles include these by default. Double-check custom profiles.

4. Test OAuth Connection with a New User

• Have a user who has not previously connected to Dataimporter try to authenticate.
• Confirm the connection completes without errors.
• If blocked, review Connected App settings and permissions.

5. Communicate and Audit

• Inform your integration users and developers of the upcoming enforcement.
• Review Connected Apps and OAuth Usage logs.
• Remove or restrict unused or suspicious apps.

‍

Summary Checklist

Check if Dataimporter app is installed --> Setup > Connected Apps OAuth Usage

Install the app --> Click "Install" and configure access policies

Assign permissions --> Use "Approve Uninstalled Connected Apps" or "Use Any API Client"

Test with new user --> Confirm OAuth flow completes successfully

Audit regularly --> Review app usage and adjust access as needed

‍

Stay Secure and Connected

By taking these steps, you ensure Dataimporter remains fully functional while aligning with Salesforce’s latest security best practices. If you have any questions or need help configuring your org, reach out to the Dataimporter support team.

‍