Active Topics          Search          Help
            Register          Login
Riva Integration Server for Exchange (Forum Locked Forum Locked)
 Omni Web Forum : Riva Integration Server for Exchange and GroupWise : Riva Integration Server for Exchange
Subject Topic: Riva Single Sign-on for Salesforce Post ReplyPost New Topic
Author
Message
Gordon Welling
Admin Group
Admin Group

Manager Technnical Support Services

Joined: 11-December-2003
Location: Canada
Posts: 637
Posted: 25-June-2010 at 4:08pm
Background:  Customers that evaluate Riva Integration Server for Salesforce and Exchange usually configure Riva to use a personal Salesforce connection and individual CRM synchronization policy for each Salesforce user account being used during a trial.  For small business environments with one to three Salesforce accounts, this is a workable solution.  To support more than three Salesforce accounts, we recommend implementing Riva Single Sign-on (SSO) for Salesforce.

Riva SSO for Salesforce:  Riva Integration Server is a free Riva Single Sign-On for Salesforce service for Riva customers. Riva Single Sign-on for Salesforce means users don't have to remember a separate Salesforce password. Their Salesforce password gets replaced by the ActiveDirectory/Exchange password - the whole reason for single sign-on in an enterprise implementation. Read more about Riva Single Sign-On for Salesforce.

SSO workflow is as follows: Salesforce.com User attempts a login  -->  Salesforce sends the user credentials to the SSO Provider  -->  The SSO Provider connects to the authentication provider (SMTP/HTTPS) to test the user credentials  -->  SSO Provider responds to SFDC true/false.

The main user objective in implementing Salesforce SSO is to remove the need for users to manage multiple passwords.  Users' AD password becomes their Salesforce password.  The main administrative objective in implementing SSO is to allow for user impersonation from a single Salesforce administrator connection.

Implementing Riva SSO for Salesforce

STEP 1 - The first step in the process is for the customer to send a request to Salesforce to implement SSO against their account.  This process is completed by submitting the request from the Salesforce admin account management interface.  This should be done immediately because it might take Salesforce a couple of days to service this request.  

STEP 2 - The customer must contact Omni technical support to schedule implementation of Riva SSO for their Riva Integration Server.  Let us know when your request for SSO to be enabled is completed by Salesforce and we will schedule a technician to work with you to complete the SSO piece.  We recommend planning on approximately two hours for installing, configuring and testing.
There is no charge for Riva SSO or for the support required to implement Riva SSO for a customer's environment.
 
STEP 3 - An Omni technician will implement Riva SSO.  This is the checklist that our technician uses to work through the SSO configuration:

1. SSO must be enabled at SalesForce.
2. SSO must be configured in SalesForce settings to point to Riva SSO server.
3. Each user must be configured in the Salesforce Administration Panel to use SSO.
4. Riva CRM server external IP must be part of trusted IP range (Administration Setup->Security Controls->Network Access).
5. Riva SSO Server must be properly configured with SSO provider settings.
6. Riva SSO Server must be properly configured with Token Store provider (or it will use default).
7. Firewall must be configured to allow port 443 (SSL) communication.
 
Installation Procedure

1. Unzip Riva SSO folder to hard drive.
2. Create IIS virtual directory and point to extracted directory.
3. Set ASP.Net version to 2.0.
4. Ensure user has required permissions on folder.
5. Ensure server is Internet accessible.
6. Configure connection settings in Connections.config.
7. Configure app settings in AppSettings.config.
8. Using a browser, verify that the URL works.
9. Create a profile in SalesForce that has SSO enabled.
10. Assign a user to that profile.
11. Verify that user can login to Salesforce.

Planning for Riva SSO for Salesforce

The customer needs to decide the authentication method and target against which the SSO provider will relay authentication attempts.  The authentication attempt will be based on the Salesforce.com (SFDC) username matching the Active Directory UPN (eg.  user@domain.com).

Most companies will use their Exchange SMTP service or an Active Directory integrated authentication IIS website as the authentication provider.  Both of these use the current users' Active Directory credentials.  

The customer needs to decide where Riva SSO will be hosted:  Riva SSO can be configured on a system in the customer's environment or Omni can configure the SSO provider to use our Rackspace hosted SSO environment.  Customers can use the Riva hosted SSO for testing and then move move the SSO provider onto their infrastructure when they are ready to move to production.
 
 



Edited by Aldo Zanoni on 10-September-2010 at 3:27pm
Back to Top
 

Sorry, you can NOT post a reply.
This forum has been locked by a forum administrator.

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum



This page was generated in 0.0781 seconds.