We recommend that only System Administrators be able to process the oAuth for the PK4 TimeTracker app. By default, all Salesforce users in your org have access to the oAuth tile when they log in to their Salesforce account. By default, access to the PK4 TimeTracker objects is through the ID of the System Administrator who installed the PK4 TimeTracker app from the AppExchange.

A non-Salesforce user will not have access to some standard Salesforce objects and the PK4 TimeTracker objects. If that user processes the oAuth for the TimeTracker app, it causes problems in the user login, Clock-In/Out, and Check-In/Out processes for all TimeTracker users.

Therefore, we suggest that only System Administrators access the oAuth link. System Administrators can enable or disable the oAuth option for other Salesforce users.

Here is what you need to do to hide the oAuth authentication link:

  • Log in to Salesforce as an administrator, click the Setup button, and search for App Manager.
  • Click the Setup button and click the Apps tab.
  • Click App Manager, go to PK4 TimeTracker oAuth in the list, and click the Manage button.
  • Click the Edit Policies button and select "Admin approved users are pre-authorized" from the Permitted Users dropdown.
  • A pop-up tells you that users currently using this app will be denied access and will have to log in again. Click the Ok button and save the changes.
  • Scroll down the same screen to the Manage Profiles section.
  • Click the Manage Profiles button. You see the list of Salesforce profiles in your org.
  • Select only the profile "System Administrator" and click the Save button.

Now no Salesforce users can see the oAuth option, including the Salesforce Administrator.

You must now enable the oAuth option only for Salesforce Administrators.

  • Go to the Edit Policies screen, select the "Enable User Provisioning" checkbox, and click the Save button.

Now, only the Salesforce Admin user has the option to process oAuth for the PK4 TimeTracker application.

Note: Once you have enabled the oAuth option only for Salesforce Administrators and disabled it for other users, you should process the oAuth for the PK4 TimeTracker application from the Salesforce Admin ID. Otherwise, users will not be able to log in to the PK4 TimeTracker app and will see a message that the org license has expired.
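
To confirm that the policy and profile settings from the steps above took effect, the following added example (not part of the PK4 TimeTracker documentation or product) checks the results of two SOQL queries against the standard `ConnectedApplication` and `SetupEntityAccess` objects. It assumes the connected app is named "PK4 TimeTracker oAuth" as listed in App Manager and that query results are passed in as the JSON records the Salesforce REST query endpoint returns; the sample records are constructed.

```python
# Added example: audit who can use the connected app, from SOQL query results.
APP_NAME = "PK4 TimeTracker oAuth"          # assumed to match the App Manager entry
ALLOWED_PROFILES = {"System Administrator"}

# Queries to run as an administrator; feed the returned records to audit().
APP_QUERY = ("SELECT Id, Name, OptionsAllowAdminApprovedUsersOnly "
             "FROM ConnectedApplication WHERE Name = '%s'" % APP_NAME)
ACCESS_QUERY = ("SELECT Parent.Name, Parent.IsOwnedByProfile, Parent.Profile.Name "
                "FROM SetupEntityAccess "
                "WHERE SetupEntityType = 'ConnectedApplication' "
                "AND SetupEntityId = '<Id returned by APP_QUERY>'")  # placeholder

def audit(app_record, access_records):
    """Return a list of deviations from the admin-only configuration."""
    findings = []
    # True when Permitted Users is "Admin approved users are pre-authorized".
    if not app_record.get("OptionsAllowAdminApprovedUsersOnly"):
        findings.append("Permitted Users is not admin-approved only")
    profiles = set()
    for row in access_records:
        parent = row["Parent"]
        if parent.get("IsOwnedByProfile"):
            name = (parent.get("Profile") or {}).get("Name")
            profiles.add(name)
            if name not in ALLOWED_PROFILES:
                findings.append("Profile with access: %s" % name)
        else:
            # Access granted through a permission set rather than a profile.
            findings.append("Permission set with access: %s" % parent.get("Name"))
    for missing in sorted(ALLOWED_PROFILES - profiles):
        findings.append("Expected profile not assigned: %s" % missing)
    return findings

# Constructed sample records shaped like REST query results.
SAMPLE_APP = {"Name": APP_NAME, "OptionsAllowAdminApprovedUsersOnly": True}
SAMPLE_ACCESS = [
    {"Parent": {"Name": "X00ex1", "IsOwnedByProfile": True,
                "Profile": {"Name": "System Administrator"}}},
    {"Parent": {"Name": "X00ex2", "IsOwnedByProfile": True,
                "Profile": {"Name": "Standard User"}}},
    {"Parent": {"Name": "Field_Staff", "IsOwnedByProfile": False,
                "Profile": None}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_APP, SAMPLE_ACCESS):
        print(finding)
```

An empty result means only the System Administrator profile is pre-authorized for the app.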