Configuring the iDialogue External Client App Manager

Latest Release

1.0.2.1 — 2026-04-02

• Package Name: iDialogue Connection
• Subscriber Package Version ID: 04tPj00000B5Ql7IAF
• Package Version: iDialogue Connection@1.0.2-1
• Production Install URL: https://login.salesforce.com/packaging/installPackage.apexp?p0=04tPj00000B5Ql7IAF
• Sandbox Install URL: https://test.salesforce.com/packaging/installPackage.apexp?p0=04tPj00000B5Ql7IAF

Canonical API Connection URL

Use the following URL to start the canonical API connection flow for an installed iDialogue External Client App:

https://api.idialogue.app/v1/connect/salesforce/start?ctx=api&orgid={orgid}

Replace {orgid} with your Salesforce Organization ID.

After installing the iDialogue Connection External Client App (ECA) the ECA must be configured to align with your orgs intended use.

We recommend updating 3 policies to ensure long-running agents run smoothly and have the necessary permissions to access org data and function as intended.

External Client App Manager

Go to Setup > External Client App Manager and find the "iDialogue External Client Connection".

Scroll down and expand the "OAuth Policies" and adjust the following settings:

• Permitted Users: "Admin approved users are pre-authorized"
• Refresh Token Policy: "Refresh token is valid until revoked"
• IP Relaxation: "Enforce IP restrictions, but relax for refresh tokens"

Permitted Users

"Admin approved users" ensures that only users who have been explicitly granted access to the ECA can use it. This is important for security and control over who can run agents.

In an agent-based configuration, only the API user requires access.

Configure the iDialogue External Client App

After installing the iDialogue Connection External Client App (ECA), review its OAuth policies to align the app with your org’s security and operational requirements.

We recommend updating the following three settings for long-running agent use cases.

External Client App Manager

Go to:

Setup → External Client App Manager

Open iDialogue External Client Connection.

Scroll down, expand OAuth Policies, and set:

• Permitted Users: Admin approved users are pre-authorized
• Refresh Token Policy: Refresh token is valid until revoked
• IP Relaxation: Enforce IP restrictions, but relax for refresh tokens

Permitted Users

Setting Permitted Users to Admin approved users are pre-authorized ensures that only explicitly authorized users can use this External Client App.

For most agent-based configurations, only the designated API or integration user needs access.

To authorize users:

1. In the ECA, scroll to App Policies
2. Click Edit
3. Select the profiles or permission sets that should be allowed to use the app
4. Click Save
5. Assign those same profiles or permission sets to the intended users

Refresh Token Policy

The ECA is already configured to support refresh token rotation. Setting Refresh token is valid until revoked allows the connection to remain active until it is explicitly revoked by an administrator or user.

This is the recommended setting for long-running agent or integration workloads. More restrictive expiration settings can cause the connection to stop working after the refresh token expires, requiring reauthorization.

IP Relaxation

We recommend Enforce IP restrictions, but relax for refresh tokens.

This keeps the initial authorization flow aligned with your org’s IP controls, while allowing backend refresh-token requests to continue working even if the hosting environment does not use fixed outbound IP addresses.

This is commonly appropriate when the integration backend runs on cloud infrastructure where outbound IP addresses may vary over time.