Troubleshooting third-party app installation and configuration in Salesforce requires a systematic approach that addresses permissions, compatibility, and technical setup. Salesforce provides direct support for installation and uninstallation issues but limits troubleshooting for third-party app functionality unless explicitly covered in the app's AppExchange listing ^[1]. Most common problems stem from permission gaps, custom object/tab limits, or misconfigured OAuth and API settings. For example, errors like "No ApexClass Found" or "Connection Error" often indicate missing permissions or expired credentials ^[2], while "Insufficient Privileges" errors during sandbox installations typically require verifying user roles and vendor access ^[7].

Key findings from the sources include:

• Permission requirements are critical: Users must have "Download AppExchange Packages" and "Manage Billing" permissions, along with Apex code authorization if applicable ^[3].
• Edition limitations can block installations: Professional Edition users may encounter "Missing Feature Apex" errors when trying to install apps requiring Enterprise features ^[9].
• IP allowlisting and OAuth configurations are frequent pain points: New IP ranges (e.g., Jetstream's 2025 updates) must be pre-configured, and Connected Apps may need dynamic setup for seamless authorization ^[4][5].
• Sandbox vs. production discrepancies often cause failures: Vendors may lack proper access in sandbox environments, requiring explicit permission grants ^[7].

Core Troubleshooting Areas for Third-Party Apps

Installation and Permission Errors

Installation failures in Salesforce third-party apps overwhelmingly trace back to permission mismatches or org limitations. The most common errors—"Insufficient Privileges," "Missing Feature Apex," or package unavailability—can typically be resolved by verifying user profiles and org settings before attempting installation.

• Required permissions for installation:
• "Download AppExchange Packages" permission is mandatory for all installers ^[3].
• "Manage Billing" permission may be required for paid apps or those with licensing components ^[3].
• Apex execution rights are necessary if the package includes Apex classes or triggers, which can be granted via the "Authorize Apex" permission ^[3].
• For Connected Apps, users need "Manage Connected Apps" or "API Enabled" permissions to configure OAuth flows ^[6].

• Edition-specific constraints:
• Apps requiring Apex (e.g., Gong) will fail in Professional Edition orgs with the error "Missing Feature Apex," as Apex is only available in Enterprise and higher editions ^[9].
• Custom object and tab limits vary by edition. For example, exceeding the 200 custom object limit in Enterprise Edition will block installations unless unused objects are archived or the org is upgraded ^[3].

• Sandbox environment pitfalls:
• Vendors may lack automatic access to sandbox orgs, requiring explicit permission grants via the "Deploy to Sandbox" option in AppExchange or manual role assignments ^[7].
• The "Insufficient Privileges" error in sandboxes often resolves when the installer’s profile is cloned from production with identical permissions ^[7].
• Developer accounts can serve as a workaround for testing installations when sandbox access is restricted ^[7].

• Base package dependencies:
• Extension packages will fail if their base package is missing. Always install the base package first, as noted in the app’s documentation or AppExchange listing ^[3].
• For Force.com Lab apps, verify the app’s status on AppExchange, as these are community projects with limited support ^[1].

Configuration and Connectivity Issues

Post-installation, configuration errors frequently involve OAuth misconfigurations, IP restrictions, or API access problems. These issues manifest as "Connection Error," "Salesforce Not Accepting Calls," or failed data syncs, and typically require adjustments to Connected App settings or network policies.

• OAuth and Connected App troubleshooting:
• "INVALIDGRANT" or "INVALIDSESSION_ID" errors indicate expired or revoked OAuth tokens. Refresh tokens via the Connected App’s settings in Setup > App Manager ^[10].
• For seamless authorization without pre-existing Connected Apps, third-party apps can dynamically create a Connected App in the user’s org upon first login, using Salesforce APIs to automate the setup ^[5].
• Callback URLs and OAuth scopes must match exactly between the third-party app and Salesforce. For example, Gong requires the "api" and "refresh_token" scopes for full functionality ^[9].

• IP allowlisting and network access:
• "Salesforce Not Accepting Calls" errors often stem from missing IP allowlists. For Jetstream, new IP ranges effective October 27, 2025, must be added to Salesforce’s Network Access settings under Setup > Security > Network Access ^[4].
• Salesforce’s API may reject connections from unlisted IPs, even for authenticated users. Always cross-reference the third-party app’s documentation for required IP ranges ^[2].
• Domain restrictions in Salesforce can block logins from third-party apps. Adjust the "Login IP Ranges" in Profile settings or use "Trusted Networks" for broader access ^[4].

• API and Apex-related configuration:
• "No ApexClass Found" errors occur when the installer lacks permissions to access Apex controllers. Grant "Modify All Data" or "Authorize Apex" permissions temporarily during setup ^[2].
• API user credentials may expire silently, causing "Connection Error" messages. Check the API user’s login history under Setup > Users > [User] > Login History for failed attempts ^[2].
• For apps like Marketing Cloud Connect, running the setup wizard in Salesforce Classic UI can resolve "Setup Wizard Error" issues that persist in Lightning Experience ^[2].

• Field and data access problems:
• "INVALID_FIELD" errors in integrations (e.g., Gong) typically mean the user lacks visibility to required fields. Adjust Field-Level Security (FLS) in the field’s settings or the user’s profile ^[9].
• Canvas Pages must be enabled in Salesforce to display third-party app data (e.g., conversation transcripts in Gong). Navigate to Setup > App Manager > [App] > Canvas App Settings ^[9].
• Rate limits can throttle API calls, especially in bulk operations. Monitor usage under Setup > Company Settings > API Usage and consider using the Bulk API for large data syncs ^[10].