Trusted applications allow login only for the specified user type (v.22, breaking change)

The "Impersonate As Community / Internal User Allowed" options of the trusted application have come to life in v. 22 / v.22 CTP6 (6.98) in particular/.

Now, the login of the app associated with the trusted application will be allowed only for the specified user type.

This means that when both options are OFF, the app would not be allowed to request a user to be authenticated.

If any or both options are ON, the login would be successful only if the authenticated user is of one of the allowed types - a community (external) or internal user. 

For more information about the 'Impersonate As Community / Internal User Allowed' options, click here


Does this change affect me?

All user-defined trusted app definitions might be affected. This includes the trusted app of the API sites.

Do not worry about the trusted applications for the Windows client & ID site - they are managed automatically.


What to do if this change affects me?

Look through the trusted applications in your database and the websites or external apps associated with them.

Think about which type of users should have access to them and check the appropriate box/es:

- Impersonate As Internal User Allowed (in v.20 the name of the box  is "Login as internal user");

- Impersonate As Community User Allowed (in v.20 the name of the box  is "Login as external user");

- or both.


Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk