The customer creates one connected app in a sandbox org. It assigns a unique ‘Client Id’ and ‘Client Secret’ to the client application.
By using this ‘Client Id’ and ‘Client Secret’, why the client application can connect to other orgs, which have no connected app?
This is an expected behavior.
You only need to set up a single connected app and you can then use the assigned ‘Client Id’ and ‘Client Secret’ values to have users log into any Salesforce org.
Salesforce Help Documentation: Using OAuth across multiple Orgs
Send us your feedback: We are always looking for feedback to help improve our Knowledge Base! Please let us know if this article is helpful or provide feedback on how we can improve your experience by clicking here.