Overview
During certain scenarios, the authentication to the Trust Center's Salesforce integration may be interrupted and will require a refresh.
This can happen for a number of reasons. In the past this has included simple inadvertent changes to the the integration user such as password rotation or new permission restrictions, or when large updates are released to the Salesforce platform and inexplicably forces connected app authentication to refresh.
Scenarios
For a simple authentication refresh, Trust Center admins can use the Update feature.
Note: The credential used here can and in most cases should be the same credentials. This is simply forcing the Salesforce integration to recheck credentials and issue a new authentication token.
In the Trust Center, navigate to Settings > Integrations > CRM > Salesforce
Click the vertical kebab menu on the right > Configure Salesforce
Next to the Salesforce connected box, click the three dots
Click Update
Select the Salesforce instance type (Production or Sandbox)
Click Save
Note: This integration will attempt to use the current browser session of the currently logged in Salesforce user. Please close any open sessions of Salesforce unless currently logged in as the same integration user needed for the integration
An authentication box will appear, if not logged in as explained above, users will be prompted to enter credentials
Once authenticated, click Next, then Finish (The Salesforce Configuration can be left as is)
Troubleshooting
While updating the connection, if this error is displayed, don't worry.
Salesforce has recently updated the way that Connected Apps work.
Complete the below steps and try to re-auth again.
If all else fails, please reach out to the Trust Center live chat to connect with a support rep.
This error means a Salesforce is blocking the Tray.io (our auth provider) connected app.(or it was never installed/approved at the org level)
This means that the OAuth flow fails before any token is issued. The Salesforce SFDC authentication process fails with this error when the app is blocked by an administrator.
Path to check the block: Setup > Platform Tools > Apps > Connected Apps > Connected Apps OAuth Usage.
Find the Tray.io entry.
If its Action button says "Unblock," the connected app has been blocked.
Click Unblock.
Note: Heads up on a known UI quirk, blocked apps show up at the very bottom of the OAuth Connected App Usage list, not in alphabetical order, so it is easy to miss.
If the app is not blocked but still failing, the admin likely needs to install it so it is not treated as an uninstalled app under the Salesforce 2025 connected app policy.
Even after unblocking, access can still be gated by who is allowed to authorize. Under the Tray.io connected app's OAuth Policies > Permitted Users, the admin picks one of:
All users may self-authorize: any authenticated Salesforce user can connect through the app.
Admin approved users are pre-authorized: admins grant access to specific users via Profiles and Permission Sets.
If it is set to admin-approved, the user has to be added to an approved Profile or Permission Set, otherwise it may hit a related OAUTH_APP_ACCESS_DENIED error.