Active Topics          Search          Help
            Register          Login
Riva Integration Server for GroupWise (Forum Locked Forum Locked)
 Omni Web Forum : Riva Integration Server for Exchange and GroupWise : Riva Integration Server for GroupWise
Subject Topic: Riva Single Sign-on for Salesforce Post ReplyPost New Topic
Author
Message
Gordon Welling
Admin Group
Admin Group

Manager Technnical Support Services

Joined: 11-December-2003
Location: Canada
Posts: 637
Posted: 25-June-2010 at 4:57pm
Background:  Customers that evaluate Riva Integration Server for Salesforce and GroupWise usually configure Riva to use a personal Salesforce connection and individual CRM synchronization policy for each Salesforce user account being used during a trial.  For small business environments with one to three Salesforce accounts, this is a workable solution.  To support more than three Salesforce accounts, we recommend implementing Riva Single Sign-on (SSO) for Salesforce.

Riva SSO for Salesforce:  Riva Integration Server ships with a free Riva Single Sign-On for Salesforce service. Riva Single Sign-on for Salesforce means users don't have to remember a separate Salesforce password. Their Salesforce password gets replaced by the eDirectory/GroupWise password - the whole reason for single sign-on in an enterprise implementation. Read more about Riva Single Sign-On for Salesforce.

SSO workflow is as follows: Salesforce.com User attempts a login  -->  Salesforce sends the user credentials to the SSO Provider  -->  The SSO Provider connects to the authentication provider (SMTP/HTTP) to test the user credentials  -->  SSO Provider responds to SFDC true/false.

The main user objective in implementing Salesforce SSO is to remove the need for users to manage multiple passwords.  Users' AD password becomes their Salesforce password.  The main administrative objective in implementing SSO is to allow for user impersonation from a single Salesforce administrator connection.

Implementing Riva SSO for Salesforce

STEP 1 - The first step in the process is for the customer to send a request to Salesforce to implement SSO against their account.  This process is completed by submitting the request from the Salesforce admin account management interface.  This should be done immediately because it might take Salesforce a couple of days to service this request.  

STEP 2 - The customer must contact Omni technical support to schedule implementation of Riva SSO for their Riva Integration Server.  Let us know when your request for SSO to be enabled is completed by Salesforce and we will schedule a technician to work with you to complete the SSO piece.  We recommend planning on approximately two hours for installing, configuring and testing.
There is no charge for Riva SSO or for the support required to implement Riva SSO for a customer's environment.
 
STEP 3 - An Omni technician will implement Riva SSO.  This is the checklist that our technician uses to work through the SSO configuration:

1. SSO must be enabled at SalesForce.
2. SSO must be configured in SalesForce settings to point to Riva SSO server.
3. Each user must be configured in the Salesforce Administration Panel to use SSO.
4. Riva CRM server external IP must be part of trusted IP range (Administration Setup->Security Controls->Network Access).
5. Riva SSO Server must be properly configured with SSO provider settings.
6. Riva SSO Server must be properly configured with Token Store provider (or it will use default).
7. Firewall must be configured to allow port 80 (non-SSL) or 443 (SSL) communication.
 
Installation Procedure

1. Unzip Riva SSO folder to hard drive.
2. Create IIS virtual directory and point to extracted directory.
3. Set ASP.Net version to 2.0.
4. Ensure user has required permissions on folder.
5. Ensure server is Internet accessible.
6. Configure connection settings in Connections.config.
7. Configure app settings in AppSettings.config.
8. Using a browser, verify that the URL works.
9. Create a profile in SalesForce that has SSO enabled.
10. Assign a user to that profile.
11. Verify that user can login to Salesforce.

Planning for Riva SSO for Salesforce

The customer needs to decide the authentication method and target against which the SSO provider will relay authentication attempts.  The authentication attempt will be based on the Salesforce.com (SFDC) username matching the eDirectory username.

Most companies will use their GroupWise SMTP service or an eDirectory integrated authentication IIS website as the authentication provider.  Both of these use the current users' eDirectory credentials.  

Once the customer has identified the authentication target, Omni will need to confirm the connectivity details to configure the SSO provider in Riva.  

The customer needs to decide where Riva SSO will be hosted:  Riva SSO can be configured on a system in the customer's environment or Omni could initially configure the SSO provider to use our Rackspace hosted SSO environment.  After the customer has tested SSO with the same test users and are ready to deploy with their complete organisation, they can move the SSO provider onto their infrastructure.
Back to Top
 

Sorry, you can NOT post a reply.
This forum has been locked by a forum administrator.

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum



This page was generated in 0.0625 seconds.