Changing Connected App Tokens

Salesforce Connected App allows Veeam Backup for Salesforce to authenticate with Salesforce and get access to resources that will be protected. You can create the Connected App in any Salesforce organization. To learn how to create the Connected App, see this Veeam KB article.


You can protect multiple Salesforce organizations using a single Veeam Backup for Salesforce installation. However, due to the Salesforce Connected App limit of 5 authorizations per client, authorization issues may occur when you have several product installations leveraging the same Connected App. That is why it is recommended that you create a dedicated Connected App for each product deployment.

For more information on Salesforce OAuth Authorization Flows and Connected Apps, see Salesforce Documentation.

During the initial configuration, you are prompted to provide the Connected App OAuth tokens that are further used by Veeam Backup for Salesforce for the authentication process. However, you can change these tokens later in the Veeam Backup for Salesforce Web UI.


If you change the Connected App tokens, you must re-authorize all connections to Salesforce organizations added to Veeam Backup for Salesforce. Otherwise, all backup and restore operations will fail.

To re-authorize connections to Salesforce organizations, either navigate to Configuration > Salesforce > Salesforce Orgs and edit connections as described in section Editing Organizations, or navigate to Backup, launch the Edit Backup Policy wizard for each created backup policy, and follow instructions provided in Step 2. Configure Connection to Salesforce Organization.

Changing Tokens

To change the OAuth tokens, do the following:

  1. Switch to the Configuration page.
  2. Navigate to Security > Connected App.
  3. Click Change Connected App Tokens, and then click Proceed in the Confirm Operation window to acknowledge the operation.
  4. Specify the type of the Salesforce organization where your Connected App is created.
  5. Use the Consumer key and Consumer secret fields to provide the tokens obtained when creating the app.
  6. Click Connect.


If you have created a new Connected App, consider the following:

  • The Connected App must be assigned the Full access (full) and Perform requests at any time (refresh_token, offline_access) OAuth scopes. For more information on OAuth scopes in Salesforce, see Salesforce Documentation.
  • If you have configured Salesforce as an identity provider in Veeam Backup for Salesforce, the access unique user identifiers (openid) OAuth scope must be granted to the new Connected App. Otherwise, you will not be able to change the Connected App tokens.
  • The callback URL specified in the Connected App settings must match the Veeam Backup for Salesforce server address. You can copy the address in the Setting up Salesforce Connected App section.
  • It takes up to 10 minutes for newly created OAuth tokens to become active.


Changing Connected App Tokens