Per-Instance Connected Apps

[JonahM]

If I am understanding things correctly, it looks like when you specify tokens for the first connected app, it is used for every other connected app that gets deployed when multiple instances are backed up on the same server.


Are there plans to make it so tokens can be specified per instance? It seems like if the tokens are ever rotated it will rotate them for every connected instance.

Some instances where I could see the tokens being changed:
- A customer goes in and accidentally changes them
- A customer requires them to periodically rotate the tokens due to a company security policy

[Mike Resseler]

Hi Jonah,

Your understanding is correct. There are indeed plans to dive further into this. Since you are requesting this as a service provider, note that we are planning a version that will have VCSP functionality in it, for today, if you want to play with it, it is best that your first connected app is your own SFDC subscription so that all customers connect to your connect app.

Hope it makes sense

[MIvanov]

Some instances where I could see the tokens being changed:
- A customer goes in and accidentally changes them
- A customer requires them to periodically rotate the tokens due to a company security policy

- Customer cannot change tokens in case a VCSP deploys the connected app in their own Salesforce organisation.

- Yes, rotation of tokens is a good thing to consider. Once you rotate tokens on your end, you need to re-authorize all organisations.

By default, with a BaaS scenario, customer does not control the connected app and should not do anything yo configure it. Creating connected app takes 10 minutes, that is along wait for the end user experience in a SaaS experience. So, if you consider other Baas solutions, you just authorize your SF org and that is it!

So, either VCSP needs to have N connected apps preconfigured with a target, lets say, 10 customers per app or have a manual deployment process with provisioning another app..