Beginning in September 2025, Salesforce will implement a security change that limits the use of uninstalled connected apps during OAuth authentication. Consequently, if a user attempts to authorize a connected app that is not installed in their Salesforce organization, they will need to possess the following system permission:

Approve Uninstalled Connected Apps

If you do not have this permission, the OAuth authorization may fail with errors such as:

OAUTH_APPROVAL_ERROR_GENERIC

Authentication failures might manifest in subtly varied forms within certain sandbox environments.

For additional details and the subsequent steps, please consult this link.

Recommended Setup Approach

Option 1: Complete Initial Authentication Using an Admin User

For the first authentication during connector setup:

1. Use a System Administrator (or a user with the Approve Uninstalled Connected Apps permission).

2. Complete the OAuth authorization.

3. Once the connected app is authorized and installed in the org, the integration user can be added and used normally.

Option 2: Install the Connected App After a Failed Attempt

If authentication is attempted first with an integration user and fails:

1. Logging in through a System Admin, Go to Setup and navigate to Connected Apps OAuth Usage in Salesforce.

2. Locate the connected application (for example “Sprinklr CFM Prod3”).

3. Install or approve the connected application in the organization.

   

After the connected app is installed, the integration user will be able to authenticate successfully, even without the Approve Uninstalled Connected Apps permission.

You can refer to the Salesforce documentation explaining this change.

​

​