Who this article is for
This guide is for all Backstory customers with an active Salesforce integration. If your organization syncs data between Backstory and Salesforce, or if your users access Backstory applications (like Unified Backstory Application), these steps are mandatory to prevent future service interruptions.
Cause
Recently, Salesforce changed its security policy to restrict the use of uninstalled Connected Apps. This is not an issue with the Backstory platform, but a new, mandatory requirement from Salesforce that requires a one-time setup action from all customer administrators.
This policy affects both the core Backstory data integration and the Unified Backstory Application application.
The Salesforce policy now blocks any new or re-authenticating users from accessing applications that an administrator has not explicitly installed and authorized. While existing connections may continue to work until their token expires, all clients will eventually be impacted.
β
For full details on the change, Salesforce's recommendations, and instructions on administering Connected Apps to comply, please refer to this Salesforce Help Article: Prepare for Connected App Usage Restrictions Change.
Understanding the Backstory Apps in Salesforce
To ensure you are configuring the correct component, it's essential to understand the primary Backstory Connected Apps in Salesforce.
Backstory Integration App (for Data Sync) This app manages the background data sync between the core Backstory platform and Salesforce. It is configured from the Integrations page within the Backstory application. This app may also show up as: "Backstory".
Unified Backstory Application App (User Login)- This app manages user authentication for the Unified Backstory Application application. You should focus on this app if your users are reporting errors when logging in to Unified Backstory Application.
Backstory Canvas App (for Embedded UI). This app is used to embed the Backstory user interface directly into your Salesforce pages. It is installed via a Managed Package and configured separately. The steps below do not apply to the Canvas App.
Symptoms
Your organization may be affected by this policy change if:
Your background data sync for the core Backstory platform is failing with permission errors. Logs may show an
OAUTH_APP_ACCESS_DENIEDerror.When your users attempt to access Unified Backstory Application, Salesforce redirects them to an error page with the following (or similar) message:
OAUTH_APPROVAL_ERROR_GENERIC : An unexpected error has occured during authentication. Please try again.You see no data in the Permissions section of the Backstory Integrations > CRMs page.
You have tried to Re-Authorize the Salesforce <> Backstory Connection without success.
You are notified by your Backstory Customer Success Manager (CSM) or a Support representative that the integration connection is failing or at risk.
How to authorize the Connected App
The following steps are now mandatory for both new and existing Salesforce connections.
Part 1: Initiate the connection (for new or re-authorizing setups)
From the Backstory application, navigate to Integrations and attempt to Authorize your Salesforce connection.
This initial attempt may fail with an error, but it is a necessary step to make the Connected App visible to your Salesforce administrator for the following steps.
Part 2: Authorize the app in Salesforce (for all customers)
A Salesforce Administrator must perform the following steps:
Navigate to Setup > Connected Apps OAuth Usage.
Find the correct Backstory application you need to authorize (e.g., Backstory Integration App or Unified Backstory Application) and click Install.
Note: The app may appear in this list simply as Backstory.
Click Manage App Policies.
Click Edit Policies.
In the OAuth Policies section, locate the Permitted Users dropdown and select 'Admin-approved users are pre-authorized'.
Click Save.
On the Connected App page, click "Manage Permission Sets" or "Manage Profiles" to add the specific integration user group that requires access.
β
This is an excellent opportunity to review your overall integration settings for Backstory. You may need to re-authorize the integration user.
How to check that data is flowing between CRM and Backstory.
Check the Connections and Package tab in the UI. You can find this page by navigating to Integrations > CRMs.
Check the Permissions Tab on the same page as above. A recent "Last Synced" date and time is strong evidence that data is flowing.
The Sync Log tab shows a history of push (towards Salesforce) and pull (from Salesforce to Backstory) operations. Recent successful events on this page is also strong evidence that data is flowing.
Completing all three checks should indicate that data is flowing; however, if you encounter any issues, you can reach out to support@backstory.ai for assistance.
FAQS
1. Why is this action suddenly required? This is required due to a mandatory security update from Salesforce that requires administrators to approve all third-party applications explicitly.
2. I can't find the 'Backstory Integration App' or 'Unified Backstory Application' in my Connected Apps OAuth Usage list. What should I do? This is expected if a connection hasn't been attempted recently.
To make the app appear, you must first trigger a connection attempt from within the Backstory application. Please follow the steps in "Part 1: Initiate the connection" of this guide. The attempt will likely fail, but it will make the app visible for you to authorize. This behaviour is a well-known and frequently confirmed principle in Salesforce developer communities.
3. Is the Backstory service down, or is this a bug? No, the Backstory service is fully operational. The error is a direct result of the new Salesforce security policy.
4. Why can some of my teammates still access Unified Backstory Application, but I can't? The Salesforce update primarily affects users who log in for the first time or re-authenticate. A teammate with an active session may not see the error until it expires.
5. What is the difference between this and the Backstory security update from September 5th? They are two separate events. The Backstory security update on September 5, 2025, was a planned action that logged all users out. The separate Salesforce-driven policy change is causing the login error you are currently experiencing.
6. As an administrator, do I need to authorize every user one by one? No. After setting the Permitted Users policy, you can efficiently grant access by adding an entire user Profile or Permission Set to the Connected App.
7. Does this Salesforce change impact any of our other applications? Yes, it's possible. This change affects all "uninstalled" Connected Apps in your Salesforce environment, not just Backstory applications.