WARNING: The Riva for Salesforce Single Sign-On connection strategy described in this article is not supported for new Riva On-Premise installations.
New Riva On-Premise installations include a new strategy to provide impersonation access into Salesforce: the Standard Impersonation Model. For instructions on implementing the Standard Impersonation Model, see Prepare Salesforce for Riva and Create and test a Salesforce connection.
For current Riva On-Premise installations that use Salesforce Single Sign-On, administrators are encouraged to upgrade their Riva for Salesforce connection setup to the Standard Impersonation Model. For assistance, contact the Riva Success Team.
The procedures in the following article have been deprecated. The information is being retained for clients who have not yet converted to the new Standard Impersonation Model.
In order for the synchronization engine to fully comply with user data, profile, role and territory security, the Riva Delegated Authentication - Single Sign-on for Salesforce (Riva DA-SSO) must be configured. This additional service allows Salesforce.com to "Impersonate" multiple users from a single account and check the validity of user credentials against a server in your environment that confirms login and password information. After configuring Riva DA-SSO for Salesforce, the Riva server will be able "impersonate" each user's Salesforce account without needing to know each user's password.
Riva provides an On-Premise SSO Provider server for Salesforce that is installed on a public-facing IIS server in the customer's environment. The On-Premise SSO Provider server is required / recommended for:
To prepare for the deployment of the Riva On-Premise SSO Provider for Salesforce:
The Riva DA-SSO Provider server must be installed on a Windows server that meets the following system requirements:
These steps will enable Delegated Authentication - Single Sign-On (DA-SSO) feature in a Salesforce organization. If a company uses multiple Salesforce organizations, these steps must be repeated for each organization.
To prepare and enable a Salesforce organization for DA-SSO:
To reduce the exposure of the single sign-on provider to the internet, consider white listing the specified ranges of IP addresses *OWNED* by Salesforce.com. It is not leased or shared in any way with any other organizations.
Salesforce.com has an IP address block allocated directly to salesforce.com by the American Registry for Internet Numbers (ARIN).
To provide continuity of service if you utilize IP address security filters, whitelist or otherwise add salesforce.com's IP address space to your list of trusted addresses.
The IP address spaces are as follows:
220.127.116.11/23 East Coast Data Center (set one)
To clarify, the "0/25" that you see in the ranges refers to an abbreviated form of Classless Inter-domain routing (CIDR) notation. In essence, this notation is a network number followed by a "/" and a number , the latter number indicates the number of 1's (starting a the left most bit i.e MSB - most significant bit) in the subnet mask i.e the number of bits relevant to a network portion of the IP address. So "/25" means 25 bits constitute the subnet mask of 255.255.255.128, and really 25 bits reserved for network address which is identified by performing bitwise "AND" to the full network number.
For example 18.104.22.168/25 means 2 possible networks in the form of 22.214.171.124 and 126.96.36.199 each having possible 126 hosts i.e total 252 hosts or IP addresses per specified range.
To schedule the installation of the Riva On-Premise SSO Provider server, contact the Riva Success Team.
Article ID: 554
Last updated: 12 May, 2016
Also listed in
Riva On-Premise - CRM Sync -> Get Started with Riva On-Premise -> Deploy Riva On-Premise -> Step 1 - Prepare -> Prepare Your CRM for Riva -> [Archive of Retired Content]