Users that use SSO (single sign on) or API Client Whitelisting will need to use the OAuth Login option. The OAuth login tab has support for custom domains, SSO and API Client Whitelisting.
OAuth Login generates a long term login token. If Auto Login is checked, the user will still be able to login EVEN IF THEIR SALESFORCE PASSWORD HAS BEEN CHANGED. When someone leaves the Organization, it is recommended that their user license in Salesforce be immediately deactivated and/or their login token be revoked. If a "generic" user is being used to access DemandTools, the password should be changed and the token should be revoked.
If an organization DOES NOT wish to allow OAuth Logins (i.e. long term tokens) the application can also be blocked completely. Users will still be able to use the API Login to access DemandTools which does not allow logins with expired passwords.
User tokens can be revoked or the application can be blocked in Salesforce via Setup - > Manage Apps -> Connected App OAuth Usage
- Users logging in without SSO enabled - enter Salesforce username and password
- security token NOT required
- Complete information on this option can be found HERE
- Users logging in with SSO enabled - enter SSO login credentials and your custom domain
- Complete information on this option can be found HERE
- Users logging in with Connect App enabled - enter Salesforce username and password and check the box for OAuth Connected App
- Complete information on this option can be found HERE
DemandTools usage can be monitored like a connected app but it IS NOT a true connected app UNLESS Salesforce's API Client Whitelisting is enabled in the Organization AND the DemandTools Managed Package is installed.
The managed package creates a DemandTools "Wrapper" app allowing login access to be restricted by user. To obtain a link to the DemandTools Helper "Wrapper" app, users must contact Validity directly (support@validity.com).
The entire application can be blocked from using OAuth Login and/or specific users can have their current long term token revoked. A new successful login will generate a new long term token, therefore users cannot be fully blocked by revoking a token. Individual user access to DemandTools is controlled solely on our authentication server and changes to access can be made by emailing our support department (support@validity.com).
More information on Connected App OAuth Usage can be found in Salesforce's Help.