Article ID: 286
Last updated: 15 Mar, 2016
WARNING: The Riva for Salesforce Single Sign-On connection strategy described in this article is not supported for new Riva On-Premise installations.
New Riva On-Premise installations include a new strategy to provide impersonation access into Salesforce: the Standard Impersonation Model. For instructions on implementing the Standard Impersonation Model, see Prepare Salesforce for Riva and Create and test a Salesforce connection. For current Riva On-Premise installations that use Salesforce Single Sign-On, administrators are encouraged to upgrade their Riva for Salesforce connection setup to the Standard Impersonation Model. For assistance, contact the Riva Success Team. The procedures in the following article have been deprecated. The information is being retained for clients who have not yet converted to the new Standard Impersonation Model. BackgroundIt is a best practice for customers who evaluate Riva Integration Server for Salesforce and Exchange to configure Riva to use a personal Salesforce connection and an individual CRM synchronization policy for each Salesforce user account being used during the testing. For testing for up to five Salesforce accounts, this is a workable solution. To support more than five Salesforce accounts, we recommend implementing Riva Delegated Authentication, Single Sign-on and User Impersonation (Riva DA-SSO for Salesforce). This will allow a single Riva policy to synchronize multiple Salesforce accounts. Riva DA-SSO for Salesforce:Riva Integration Server includes a free Riva Delegated Authentication and Single Sign-On for Salesforce service. The delegated authentication and Single Sign-on process mean users don't have to remember a separate Salesforce password. After implementing Riva DA-SSO, Salesforce accepts the user's ActiveDirectory/Exchange password. Users therefore only have one password to remember, their AD/Exchange password - the primary reason for delegated authentication and single sign-on in an enterprise implementation. DA-SSO workflow is as follows:Salesforce.com user attempts a login --> Salesforce sends the user credentials to the SSO Provider --> The SSO Provider connects to the authentication provider (SMTP/HTTPS) to test the user credentials (located on your internal server or as a service provided by Omni) --> SSO Provider responds to SFDC true/false. The main benefit for end users after Salesforce SSO has been implemented is they only need to remember one password. Their Active Directory/Exchange password is used to access Salesforce. The main administrative objective in implementing SSO is to allow for Riva to be able to impersonate users and thereby synchronize multiple Salesforce accounts from a single instance of Riva. Planning for Riva DA-SSO for SalesforceThe customer needs to decide the authentication method and target against which the SSO provider will relay authentication attempts. The authentication attempt will be based on the email address associated with the Salesforce.com (SFDC) username matching the email address in Active Directory UPN (eg. user@domain.com).
Implementing Riva DA-SSO for Salesforce On-Premise (Installed at customer location)STEP 1 - The first step in the process is for the customer to send a request to Salesforce to implement SSO against their account. This process is completed by submitting the request from the Salesforce admin account management interface. This should be done immediately because it might take Salesforce a couple of days to service this request. The customer also has to prepare their environment for Salesforce.com SSO. STEP 3 - An Omni technician will implement Riva SSO Provider and reconfigure the Riva Salesforce Connection and Policy to properly use SSO. There is an additional fee to install and configure Riva DA-SSO On Premise. Implementing Riva DA-SSO for Salesforce as a Service (Hosted by Omni)STEP 1 - The first step in the process is for the customer to send a request to Salesforce to implement SSO against their account. This process is completed by submitting the request from the Salesforce admin account management interface. This should be done immediately because it might take Salesforce a couple of days to service this request. The customer also has to prepare their environment for Salesforce.com SSO. STEP 3 - An Omni technician will work with you to confirm the Riva DA-SSO Provider is properly configured against your Riva Salesforce Connection and that the Sync Policies work properly with the new Riva DA-SSO-enabled connection. The first one hour of implementing Riva DA-SSO as a Service are included in the purchase price of your Riva licences.
Article ID: 286
Last updated: 15 Mar, 2016
Revision: 2
Views: 5875
Also read
|