Important Updates to Lightico's Salesforce Integration
Audience: Clients using the Lightico Salesforce Integration package
Overview
We have two upcoming changes to our Salesforce integration that we want to make you aware of. Both changes are driven by Salesforce's evolving security requirements and are designed to strengthen the protection of your data and ensure uninterrupted service.
One change is server-side, is handled entirely by Lightico, and requires no action from you.
The other requires you to upgrade the Lightico app installed in your Salesforce org by the end of September 2026.
Please read both sections below carefully and note which actions, if any, apply to you.
Change 1: Mandatory OAuth Security Controls (23 June 2026, 6:00 AM UTC)
What is changing and why?
On 27 May 2026, Salesforce notified all ISV partners — including Lightico — of mandatory security enhancements to Connected App and External Client App configurations. These changes strengthen the OAuth authentication framework that underpins our Salesforce integration and are being enforced globally across all Salesforce partners by 25 June 2026. The deadline is fixed and cannot be extended.
Lightico will implement the following four security controls on 23 June 2026 at 6:00 AM UTC, ahead of the Salesforce deadline:
| Control | Description |
|---|---|
| PKCE (Proof Key for Code Exchange) | Protects OAuth flows against authorization code interception attacks |
| Refresh Token Rotation (RTR) | Invalidates old refresh tokens whenever a new access token is issued, limiting the window of exposure if a token is compromised |
| Idle Refresh Token TTL | Limits the lifetime of inactive refresh tokens to 30 days, reducing the risk of long-lived token abuse |
| Refresh Token IP Range Allowlist | Restricts refresh token requests to trusted, static IP ranges, preventing use from unauthorized locations |
These are server-side changes applied to Lightico's platform configuration. Salesforce has confirmed that once applied, these changes are irreversible.
Do you need to do anything?
No action is required before 23 June 2026.
As a best practice, we recommend verifying your access to Lightico and confirming that all Salesforce integrations are functioning as expected shortly after the change window on 23 June 2026. Should you notice anything unexpected, please contact our support team and we will assist you promptly.
Timeline
| Date | Event |
|---|---|
| 27 May 2026 | Salesforce notified Lightico of mandatory security requirements |
| 23 June 2026, 6:00 AM UTC | Lightico implements the mandatory controls |
| 25 June 2026 | Salesforce's global enforcement deadline |
Change 2: Upgrade to the latest Lightico for Salesforce App (by 30 September 2026)
What is changing and why?
Lightico has completed a comprehensive security review of the Lightico for Salesforce integration package, conducted in alignment with Salesforce's latest security requirements and enhanced AppExchange validation processes. As a result of this review, an updated version of the package is now available on the Salesforce AppExchange.
The updated package includes upgraded security components and connection protocols that align with Salesforce's strengthened partner security standards — including the OAuth controls described in Change 1 above. Upgrading ensures you benefit from the highest level of protection for your data and integrations going forward.
What does the upgrade include?
Enhanced security components and OAuth connection protocols aligned with Salesforce's current standards
All existing features and workflows remain fully backward-compatible — no changes to your current processes are expected
Do you need to do anything?
Yes — upgrading to the latest version of the Lightico for Salesforce package by 30 September 2026 is required.
30 September 2026 is a deprecation deadline: after this date, Lightico will no longer provide support for earlier versions of the integration package. To ensure continued access to support and to maintain alignment with current Salesforce security standards, upgrading before this date is essential.
Recommended upgrade steps:
Obtain the latest package version from the Salesforce AppExchange (search for "Lightico")
Install and validate in your sandbox environment first as part of your standard internal change process
Once validated, deploy to production
For assistance with the upgrade, compatibility questions, or deployment guidance, please reach out to your Customer Success Manager or contact Lightico Support.
Timeline
| Date | Event |
|---|---|
| April 2026 | Latest security-approved package published to AppExchange |
| 30 September 2026 | Deadline to complete upgrade, end of support for earlier app versions |
Summary: Action Required
| Change | What Lightico does | What you need to do | Deadline |
|---|---|---|---|
| Server-side update | Implements all four controls server-side | Verify access and integration functionality after the change window | 23 June 2026, 6:00 AM UTC |
| App package upgrade | Published updated package to AppExchange | Upgrade the Lightico for Salesforce app in your org | 30 September 2026 (deprecation deadline) |
Questions or Issues?
Contact Lightico Support at any time:
Email: support@lightico.com
We appreciate your partnership and your continued trust in Lightico.