New Riva On-Premise installations include a new strategy to provide impersonation access into Salesforce: the Standard Impersonation Model. For instructions on implementing the Standard Impersonation Model, see Prepare Salesforce for Riva and Create and test a Salesforce connection.
For current Riva On-Premise installations that use Salesforce Single Sign-On, administrators are encouraged to upgrade their Riva for Salesforce connection setup to the Standard Impersonation Model. For assistance, contact the Riva Success Team.
The procedures in the following article have been deprecated. The information is being retained for clients who have not yet converted to the new Standard Impersonation Model.
A Riva On-Premise attempt to log in to Salesforce with Salesforce Single Sign-On is authorized if it meets one of the following conditions:
- The connection and login originate from a trusted network IP address (preferred default), or
- The connection and login include a security token.
Challenges
The primary challenge with using security token-based authentication is if the authentication credentials (password and security token) are changed, the Riva On-Premise connection for Salesforce fails until the new credentials (with a new security token) are saved into the connection.
Resolution
Salesforce provides a mechanism to enable trusted network access for the Salesforce account. This must be configured in the Setup settings for the Salesforce administrator account. If you cannot perform this task, ask your Salesforce admin to do it.
To implement Salesforce.com trusted network access
-
Contact the Riva Success Team to obtain the latest IP address for the Hosted Riva SSO Provider service.
-
Log in to Salesforce.com as the organization admin account.
-
From the top navigation links, select Setup.
-
In the left pane, under Administration Setup, select Security Controls and Network Access.
The Network Access detail page displays a Trusted IP Ranges table.
-
Select New.
-
Add the IP address (provided by the Riva Success Team) for both the Start IP Address and End IP Address values. Select Save.
Note: The IP address 184.72.108.101 is not an approved IP address and is used in the screenshots for this procedure for example purposes only. -
Confirm that the IP address appears in the list of Trusted IP Ranges.
Once the trusted network has been saved, the security token is no longer required for the Riva connection for Salesforce. If your Salesforce.com password is changed, the Riva On-Premise connection for Salesforce needs to be modified to use the new password, but the security token does not need to be specified.
Applies to
Use this procedure to enable Trusted Network Access for:
- Riva On-Premise servers with Salesforce connections configured to use the Riva SSO Provider (Hosted)