Verify The Salesforce "System Administrator" Permissions

  • Updated
WARNING: The Riva for Salesforce Single Sign-On connection strategy described in this article is not supported for new Riva On-Premise installations.

New Riva On-Premise installations include a new strategy to provide impersonation access into Salesforce: the Standard Impersonation Model. For instructions on implementing the Standard Impersonation Model, see Prepare Salesforce for Riva and Create and test a Salesforce connection.

For current Riva On-Premise installations that use Salesforce Single Sign-On, administrators are encouraged to upgrade their Riva for Salesforce connection setup to the Standard Impersonation Model. For assistance, contact the Riva Success Team.

The procedures in the following article have been deprecated. The information is being retained for clients who have not yet converted to the new Standard Impersonation Model.


For SSO, the Riva server must use a connection to Salesforce that is configured to use the credentials of a Salesforce admin account (we now refer to that as the "Riva SSO connection account").  In Salesforce, the user profile for the Riva SSO connection account must be granted additional administrative permissions to manage SSO-enabled Salesforce users.

This article discusses:


Before assigning admin permissions for SSO-enabled Salesforce users, ensure that the following requirements have been met:

Steps to assign admin permissions for SSO-enabled Salesforce users

To assign admin permissions for SSO-enabled Salesforce users:

  1. Log in to the organization using an admin account.

  2. Select Setup > Administration Setup > Manage Users > Profiles.

  3. Edit the System Administrator user profile.

  4. Scroll down to Administrative Permissions, and ensure that the following permissions are checked:

    WARNING: Do not check the Is Single Sign-on Enabled user permission.  The Riva SSO connection account must authenticate to Salesforce using the Salesforce username and password. Riva SSO will fail if this permission is assigned to the Riva SSO connection account.
  5. Save the user profile.

Administrative Permissions Explained

In order to prevent unintended uses of the single sign-on provided, the Riva Single Sign-On Provider has two built-in requirements.  The user that is configured as the "connection user" on the Salesforce connection within Riva must be a member of a profile that has:

  • API Enabled = ON
  • Manage Users = ON
  • Modify All Data = ON

Tip: We recommend enabling the Password Never Expires option to avoid undue hardship when the password expires and having to reconfigure the Riva connection to Salesforce.

Was this article helpful?




Article is closed for comments.