Security Options for Deploying Riva for Salesforce and Exchange

Article ID: 611

Last updated: 12 May, 2016

Default Method for Deploying Riva for Salesforce

By default, Riva for Salesforce is designed to use Standard Impersonation. With Standard Impersonation, Riva for Salesforce

supports Office 365, Exchange 2013, 2010, 2007 and 2003 (both EWS and MAPI connections),
does not require the Salesforce SSO feature so deployment can be completed in a single day, and
is easier to deploy and manage than Riva Delegate Authentication - SSO for Salesforce.

Is "Riva Delegate Authentication - Single Sign-on for Salesforce" still supported? Yes, all of the previous methods are still supported, but the Standard Impersonation model is now the default deployment method for all Riva for Salesforce installations.

Options to Configure Riva to Sync to Multiple Salesforce Users to Exchange

There are two options to configure Riva to sync multiple Salesforce users with Exchange:

Deploy Riva for Salesforce using Standard Impersonation: Now the default for all future Riva installations.
Original deployment methods: Not recommended, but still supported

Deploy Riva for Salesforce using Standard Impersonation

This deployment method uses a standard Riva server deployment checklist. When completed, the Riva server includes

one Riva connection to Exchange using a service account that syncs all user mailbox accounts,
one Riva connection to Salesforce using an admin account that syncs all target user CRM accounts, and
one Riva sync policy for a collection of target users.

For the checklist, see the Deploy Riva for Exchange deployment guide, or contact the Riva Success Team to book a Get Started Bundle.

Get Started Bundle

Is this the first time you implement Riva On-Premise?

If you need assistance with deploying Riva On-Premise, we offer a Get Started Bundle professional on-boarding service. Within three hours of discovery, installation, configuration, licensing, testing, and introductory admin training, we will have you up and running with Riva On-Premise. To order a Get Started Bundle, contact the Riva Success Team.

Original Deployment Methods

These methods are still supported for existing clients. Clients who want to deploy Riva server using hosted or on-premises SSO impersonation methods should book a Getting Started Bundle to ensure that the SSO environment is properly installed and configured.

Configure Riva to use the hosted SSO provider as a Service (for Exchange 2010 and 2007);
Configure Riva to use an on-premises SSO provider (for Exchange 2003 and GroupWise, Exchange 2007, Exchange 2010, or complex authentication requirements); or
Configure Riva to use single-user sync policies (SSO not required).

Configure Riva to use the hosted Riva SSO provider

When to use this Riva configuration option: The hosted SSO provider service enables customers with Riva connections to Exchange Web Services (EWS) on Exchange 2007 or Exchange 2010 or Office 365 to configure Salesforce SSO. This deployment does not require an appointment with a Riva Success Team member.

Limitations: The hosted SSO provider service does not support NTLM / Kerberos authentication. For NTML / Kerberos integration authentication, the on-premises SSO provider must be installed on a server in your data centre.

For the steps to deploy Riva and configure the Riva hosted SSO provider, see Deploy Riva for Exchange and Salesforce using the hosted SSO provider.

Configure Riva to use an on-premises SSO provider

Riva clients have the option to deploy an on-premises SSO provider server on a local Windows server hosting a public facing IIS web server. This deployment does require an appointment with a Riva Success Team member to install, configure, and test the local SSO provider service.

When to use this Riva configuration option: This option is available to be used with

Riva server deployments connecting to an Exchange 2003 system or GroupWise email system,
Riva server deployments connecting to an EWS 2010 or 2007 system, and
Environments that need to implement NTLM / Kerberos integrated authentication or have other advanced security requirements.

For the steps to deploy Riva and prepare to implement the Riva On-Premise DA-SSO provider, see Deploy Riva for Exchange and Salesforce using the on-premises SSO provider.

Configure Riva to user single-user sync policies (SSO not required)

With this option, the Riva administrator must create a Riva CRM connection for each target user's Salesforce user account and assign a separate Riva sync policy to use the specific CRM connection. If there are five users to sync, the Riva administrator needs to configure five individual CRM connections (one per target user) and five separate sync policies (one per target user). The major disadvantage of this option is that when the user's Salesforce password changes, that password must be updated in the Riva CRM connection for the user.

When to use this Riva configuration option: This option is suitable

when evaluating Riva with one or two target users or
when company security policies preclude the use of Single Sign-On services.

For the steps to prepare and deploy Riva for single-user policies, see Deploy Riva for Exchange and Salesforce using single-user sync policies (non-SSO).

Report an issue

Article ID: 611

Last updated: 12 May, 2016

Revision: 3

« Create, Test, and Edit a Salesforce Connection: Riva On-Premise

Common Riva for Salesforce Sync Questions »