Prepare for the Hosted Riva SSO Provider for Salesforce

Riva offers a no-cost Riva Single Sign-on (SSO) Provider service hosted "in the cloud". This hosted SSO Provider offers customers a means to self-enable Riva to use SSO for Salesforce. This hosted service supports customers with public internet access who use:

• Exchange Web Services (EWS) 2007 or 2010 - on-premise or hosted
• Salesforce: Professional, Enterprise or Unlimited subscriptions

How to Prepare for the Hosted Riva SSO Provider

Steps to prepare for the Hosted Riva SSO Provider for Salesforce:

1. Prepare the Windows system requirements
2. Prepare Exchange target users
3. Prepare Salesforce for SSO

Windows system requirements

• If Internet Explorer is configured to connect to a WPAD server:
  • disable that setting, or
  • configure an App.Setting that provides an alternate proxy connection, or
  • configure the "Use Proxy" settings on the Riva connection to Salesforce.com. (after the connection is created).
• Configure local or corporate firewalls to enable connection to Salesforce.com.
• Confirm that you can log in to the Salesforce.com login web page (login.salesforce.com) from the Windows system hosting the Riva CRM server.

Prepare Exchange target users

Riva SSO for Salesforce has different username matching requirements for on-premise Exchange versus hosted Exchange. Ensure that the usernames for the target user accounts in Exchange match the usernames for the corresponding target users in Salesforce:

• For On-Premise Target Exchange Systems: Salesforce usernames must match the UPN of the Exchange target users. If the Active Directory domain uses a domain name (e.g. mycompany.local) that is different than the SMTP email domain name (e.g. mycompany.com), there will not be a match and Riva will not be able to match the Exchange target user to the Salesforce target user. In those circumstances the email domain name suffix can be added to the Active Directory domain – see this TechNet article to add UPN domain suffixes for instructions to configure UPN suffixes to match email domain name(s) if necessary.

• For Hosted Target Exchange Systems: Salesforce usernames must match user's primary SMTP email address.

Prepare Salesforce for SSO

These steps will enable Single Sign-On in a Salesforce organization. If a company uses multiple Salesforce organizations, these steps must be repeated for each organization. To prepare and enable a Salesforce organization for SSO:

1. Activate the “Delegated Authentication Single Sign-On” (DA-SSO) feature.

2. Configure a “Network Trust” for the hosted Riva SSO Provider.

3. Configure a "Network Trust" for the Riva server.

4. Modify the Salesforce "System Administrator" user profile to support administering SSO-enabled target users.

5. Prepare SSO-enabled User Profiles / Permissions Sets. Required for Salesforce Enterprise and Unlimited organizations.