Which of the following describes the functionality of connecting an app as a Canvas App?

Connecting an app as a Canvas App in Salesforce involves utilizing OAuth for access control. This means that the permissions and authentication needed for the app to interact with Salesforce are established through the OAuth protocol. By using OAuth, the app can securely obtain access tokens, allowing it to interact with Salesforce services without directly handling user credentials.

This secure process helps in ensuring that only authorized users and applications can access Salesforce data and services, which is crucial for maintaining the integrity and security of user information. Thus, the reliance on OAuth policy for access control is a fundamental aspect of how Canvas Apps operate within the Salesforce ecosystem, making it the correct choice.

In contrast, the other options misrepresent the characteristics of Canvas Apps. For instance, suggesting that they run independently of user sessions overlooks the fact that they are typically linked to user authentication. Claiming that there are no restrictions on access contradicts the built-in security mechanisms such as permissions and sharing rules. Lastly, the assertion that they store user credentials directly within the app highlights a major security risk and does not align with best practices, as credentials should be handled and stored securely.