This article describes how to prepare a Riva connection account, the Salesforce account, and the Riva server to support a Riva standard impersonation connection to Salesforce.
To prepare Salesforce for the Riva sync:
- Confirm communication from the Riva server to Salesforce.
- Optional: Enable Salesforce trusted network access.
- Prepare the Riva connection user account in Salesforce.
- Verify the Salesforce profile permissions.
- Optional: Enable Riva to use OAuth authentication to Salesforce.
- Prepare the target user accounts in Salesforce.
- Add custom fields for Riva.
- Gather information for creating the Riva for Salesforce connection.
Step 1: Confirm Communication from the Riva Server to Salesforce
From the Windows system that will host Riva (see system requirements), confirm that you can log in to Salesforce by using an admin account and a normal user account.
If required, configure local or corporate firewalls to enable the connection to Salesforce. For more information, see the Salesforce.com whitelist.
Step 2: (Optional.) Enable Salesforce Trusted Network Access
The Salesforce administrator can choose to set up trusted network access, so that Salesforce user security tokens are not required. For instructions, see Enable trusted network access for Riva On-Premise.
Step 3: Prepare the Riva Connection User Account in Salesforce
Riva needs to use the credentials of a Salesforce user account that has been assigned to the System Administrator Profile:
- Identify an existing System Admin Salesforce account, or
- Create a new Salesforce user account, and add it to the Salesforce System Administrator Profile. We recommend a user name such as Riva-Sync.
Step 4: Verify the Salesforce Profile Permissions
Security policies for some organizations require assigning the Riva connection user to a custom Salesforce profile to limit permission assignment, in which case the permissions assigned to that Salesforce profile must meet the minimum Riva requirements. For more information, see Verify Salesforce "connection user" permissions.
Step 5: (Optional.) Enable Riva to Authenticate to Salesforce with OAuth
(Riva 2.4.47 or higher.)
To enable Riva to authenticate to Salesforce with OAuth:
In Salesforce, define a connected app.
- Caution: If the connected app's callback URL is used by an OAuth flow to pass an access token, the URL must use HTTPS or a custom URI scheme.
- The connected app's definition must include the following Selected OAuth Scopes:
- Access and manage your data (api).
- Access your basic information (id, profile, email, address, phone).
- Perform requests on your behalf at any time (refresh_token, offline_access).
In Salesforce, ensure that Refresh Token Policy is NOT set to Immediately expire refresh token or Expire refresh token after [ ]:
In Salesforce, on the left side, in the search box, enter "manage apps" (without the quotation marks).
In the left pane, under Manage Apps, select Connected Apps.
In the right pane, select the connected app you defined.
Near the top of the displayed connected app, select Edit Policies.
Under OAuth policies, ensure that Refresh Token Policy is NOT set to Immediately expire refresh token or Expire refresh token after [ ].
Note: Only five refresh tokens are allowed per user, and after that limit is reached, the oldest is expired. For more information, see https://help.salesforce.com/articleView?id=remoteaccess_request_manage.htm&type=5.
Step 6: Prepare the Target User Accounts in Salesforce
For each user that Riva will sync data for, ensure that the primary email address for each target Salesforce user account matches the primary SMTP Reply-to email address of the corresponding user mailbox.
Step 7: Add Custom Fields to Salesforce for Riva
The Riva connection to Salesforce uses the Standard Impersonation Model: Riva uses the permissions of the CRM user configured in the Riva Salesforce connection to create and modify items and data in the CRM. When Riva creates new items or modifies existing items in the CRM, Riva assigns ownership to the end user. But, by default, because the actions are being performed by the Riva connection user, the audit fields in CRM record the Riva connection user as the user that created and modified the item.
Customers can prepare custom Salesforce audit fields with standard impersonation.
Step 8: Gather Information for Creating the Riva Salesforce Connection
The following information is required when you create the Riva connection to the Salesforce organization.
- For an OAuth-based connection:
- Consumer Key
- Consumer Secret.
- Callback URL.
- For user credentials:
- The login name for the admin level account that the Riva connection will connect with.
- The password for that Salesforce admin level account.
- The type of connection (production, test/sandbox, or custom):
- If connecting to a Sandbox Salesforce organization, find out the user name suffix.
- If applicable, find out the custom URL.
- If proxy access is required to access the public internet, find out the proxy information.