Migrate Resource Owner Password Credentials (ROPC)-Based Connections

Salesforce has disabled the creation of new connected apps and will also deprecate the Resource Owner Password Credentials security policy in the near future. Resource Owner Password Credentials security policy connections using the existing connected apps are only supported until the Winter 2027 release.

Integrations using Resource Owner Password Credentials-based Salesforce connections must be migrated to a Salesforce Adapter connection that does not rely on connected apps. Failure to complete this migration before the deadline may result in integration disruption.

Along with migration to OAuth flows, Salesforce is also enforcing the use of a custom domain (My Domain) for more secure and reliable authentication. Add the custom domain URL to the Salesforce Adapter connection. See Prerequisites for Oracle Integration Release 20.2.2.0.0 (200524.0200.35760) or Later and Configure Connection Properties.

The following topics are covered:

Eligibility Criteria for Migration

An existing connected app can be migrated to an external client app only if it fulfills certain requirements.

You must have Create, Edit, and Delete External Client App permissions through the System Administrator profile or a custom permission set.
The app must not depend on the OAuth 2.0 username-password flow because that flow is not supported for external client apps.
Your organization must use a Salesforce edition that supports external client apps, such as the Professional, Performance, Unlimited, or Developer Edition.

Migrate the Existing Connected App to an External Client App

Migrate the existing connected app to an external client app. See Create an External Client App from a Connected App. After the migration completes, Salesforce displays a link to the new external client app.

Note:

If the connected app is not eligible for migration, create a new external client app and configure it for the required OAuth flow. See Configuring OAuth – External Client App in Salesforce.

Create or Update the Salesforce Adapter Connection

Once you have created a new client app or converted an existing connected app into an external client app, you can either set up a new Salesforce Adapter connection or update the existing one to use the Authorization Code Credentials security policy. See Create a Connection.

Replace an Existing Resource Owner Password Credentials-Based Connection in your Integration

Once you have created a new connection, follow these steps to reflect the changes in your integration.

Go to the location of the integration to edit.
- In a project.
  1. In the navigation pane, click Projects.
  2. Select the project name.
  3. Click Integrations .
  4. In the Integrations section, select the integration currently using the Resource Owner Password Credentials connection.
- Outside a project.
  1. In the navigation pane, click Design, then Integrations.
  2. Select the integration currently using the Resource Owner Password Credentials connection.
If you have created a new Salesforce Adapter connection, click Actions , then select Configure.
In the Configuration Editor, select the Salesforce Adapter connection, and click Replace.
Click Save.
If you have updated the Salesforce Adapter connection, click Save & reactivate to reactivate the integration.

Refresh Integration Endpoints and Activate the Integration

Go to the location of the integration to refresh and activate.
- In a project.
  1. In the navigation pane, click Projects.
  2. Select the project name.
  3. Click Integrations .
  4. In the Integrations section, find the integration to refresh.
- Outside a project.
  1. In the navigation pane, click Design, then Integrations.
  2. Find the integration to refresh.
Select the integration.
Click Actions , then select Refresh Endpoints.
A confirmation message indicates a successful refresh.
Once the refresh is successful, activate the integration.