Announcement - Salesforce Security Update impact on FinDock

In response to recent security incidents, Salesforce is rapidly rolling out a changes impacting certain connected apps. The security update impacts FinDock Installer, FinDock MIDAS (installation and deployment app), ProcessingHub and WebHub.

According to the Salesforce announcement, a phased rollout to production and sandbox orgs that were in existence before August 28th started on September 2nd with sandboxes and will complete by September 17th.

Recommended actions for existing FinDock installations

   No immediate actions are required for ProcessingHub and WebHub apps. Existing, working connections should continue to function without any interruption to your operations.

For FinDock Installer and MIDAS apps, the connections are temporary and therefore impacted by the changes. However, these apps are only used for installation and configuration, so unless you are actively using them right now, no immediate action is required.

When it best suits your timeline, before you need to install new packages or change your FinDock setup, your Salesforce admin needs to carry out the manual steps outlined under the “Communication plan” explained in the Salesforce announcement.

Briefly, the steps are:

  1. From the Salesforce Setup, go to Connected Apps OAuth Usage.
  2. For each FinDock app connected to the org, click Install.

By default, the security policy for the installed app allows all users to access the app. If you would like to limit access:

  1. Go to Manage Connected Apps and click Edit next to the FinDock app.
  2. Under OAuth Policies, change Permitted Users from all to admin-approved users and click Save.
  3. Click the name of the app to open the app settings.
  4. Under Profiles, click Manage Profiles.
  5. Select the profiles of your Integration User and FinDock Admin in the Application Profile Assignment list and click Save.

We recommend that you carry out the above steps for ProcessingHub and WebHub at the next available opportunity. This ensures you can reconnect the app if needed and avoids unexpected connection issues from the security update in the future.

   If you plan on implementing only admin-approved user access, please carry out the install procedure when no processes are running on ProcessingHub. This can be checked from ProcessingHub Manager.

In addition to FinDock’s connected apps, if you have a custom integration to the Payment API, you may need to install the connected app for that integration as well.

Required actions for new installations

There are different ways to address these access restrictions with new FinDock installations depending on how you want to handle the new Approve Uninstalled Connected Apps user permission. This permission is included in the system administrator profile by default, so here is one straightforward way to install FinDock as a system administrator.

  1. Install FinDock as normal through the FinDock Installer.
  2. Connect ProcessingHub and WebHub.
  3. Install a payment processor through FinDock Setup. This establishes your connection to FinDock MIDAS, our deployment app.
  4. Go to Salesforce Setup and install the connected apps as described above.
  5. Disconnect ProcessingHub and WebHub and reconnect them with your Integration User.

Long-term solution

We naturally do not want customers and partners to work with FinDock connected apps like this in the future. It is a suboptimal experience, but necessary at this time to meet the justifiably aggressive rollout schedule from Salesforce.

Our development team is studying and assessing different ways to conform with the new access requirements from Salesforce. Once we have identified the best way forward towards a long-term solution that is both robust and smooth, we’ll finalize development and plan the roll out.

If you have any questions or concerns, feel free to contact us.

Was this page helpful?