Riva Single Sign-On for Salesforce

Background Information

Riva Integration Server for Salesforce includes Riva Single Sign-On for Salesforce. It is required if you want a single Riva sync policy to synchronize multiple Salesforce accounts using account impersonation. Riva implements a standard Salesforce Single Sign-On configuration, as described in the following link:

How to Implement Single Sign-On with Force.com

Identify the Local Authentication Provider

Before you can configure your Salesforce system for Single Sign-On, you must identify the local authentication source that will authenticate your users. This local source provides user authentication information to Salesforce through the Single Sign-On service. It replaces the Salesforce login and password with the local login and password.

There are three authentication options:

  • Option 1. Web Server Authentication: Configure Salesforce Single Sign-On to point to a web server that supports the Basic, NTLM, or Digest authentication schemes and uses the same email address as is used by Salesforce. (An example of this would be a web site in your environment that is configured to require users to authenticate with the same email address as is used in Salesforce. Any IIS website that is integrated into Active Directory, or any Apache site configured to use eDirectory, would qualify.)
  • Option 2. Mail / SMTP Server Authentication: Configure Salesforce Single Sign-On to authenticate against an SMTP server that accesses an internal authentication system (usually Active Directory or eDirectory) that uses an account that has the same user email address as is used in Salesforce. (An example of this would be a public-facing, internet-connected, Exchange SMTP server.)
  • Option 3. If you already have a Salesforce Single Sign-On provider, the existing provider can also be used by Riva.

Submit Authentication Provider Information to Omni

To use Omni’s hosted Riva Single Sign-On for Salesforce, after you have chosen your local authentication provider, you will need to submit the IP address or URL information to Omni. Omni uses this information to create a unique instance of Riva Single Sign-On service for your organisation. We will provide you with the unique Single Sign-On URL that you will use to configure Salesforce for Single Sign-On services.

Configure Salesforce for SSO

Use the Riva SSO URL configuration provided by Omni to configure the SSO provider information on your Salesforce system. After configuring the Riva Single Sign-On service in Salesforce, Salesforce will relay user authentication through the Riva Single Sign-On service to your local authentication provider.

Configure Riva to Use Riva SSO for Authentication

Most environments authenticate through their Exchange or GroupWise SMTP service, or through a website integrated with their Active Directory or eDirectory LDAP service. These systems use the current user's directory login and password credentials.

After you have configured your Salesforce system for SSO, the next step is to configure Riva to use the same SSO service. Open the Riva administration interface. Open the Salesforce connection and select the Single Sign-On tab. In the Single Sign-On URL field, enter the Riva Single Sign-On URL you received from Omni.

Use the Retrieve button to have Riva auto-detect the IP address it uses to communicate over the internet to Salesforce.

Test the configuration by entering a Salesforce Account email address. If the test returns as successful, the system is properly configured.

Single Sign-On Workflow

Configuring Riva to support Salesforce Single Sign-On achieves two objectives: users log in to Salesforce using their Active Directory or eDirectory password, and a single instance of Riva is able to synchronize multiple Salesforce accounts using impersonation.

When a user logs into Salesforce.com, Salesforce sends the credentials to the SSO Provider. The SSO Provider connects to the authentication provider (your LDAP server or email server) to test the credentials. The SSO Provider responds to Salesforce.com with true or false to allow or disallow the login.
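The exchange described above, as an added example that is not Riva's or Omni's code. It assumes Salesforce posts its delegated-authentication SOAP message (`Authenticate` with `username`, `password` and `sourceIp`, answered by `Authenticated`) to the SSO URL; `DIRECTORY`, `check_directory` and `handle_authenticate` are hypothetical names, with the in-memory table standing in for the LDAP or mail-server check.

```python
import hmac
import xml.etree.ElementTree as ET

# Assumed message shape: Salesforce delegated-authentication SOAP call.
NS = "{urn:authentication.soap.sforce.com}"
REPLY = ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
         '<soapenv:Body><AuthenticateResponse xmlns="urn:authentication.soap.sforce.com">'
         '<Authenticated>%s</Authenticated></AuthenticateResponse>'
         '</soapenv:Body></soapenv:Envelope>')

# Constructed stand-in for the local authentication provider; a real
# deployment would attempt an LDAP bind or SMTP AUTH here instead.
DIRECTORY = {"alice@example.com": "correct horse battery"}

def check_directory(username, password):
    expected = DIRECTORY.get(username)
    # Always run the comparison so unknown users cost the same time.
    same = hmac.compare_digest((expected or "").encode(), password.encode())
    return expected is not None and same

def handle_authenticate(body):
    """Return the SOAP reply for one request; any parsing problem means false."""
    ok = False
    try:
        if "<!DOCTYPE" in body or "<!ENTITY" in body:
            raise ValueError("DTDs are not accepted")
        call = ET.fromstring(body).find(".//" + NS + "Authenticate")
        username = call.findtext(NS + "username")
        password = call.findtext(NS + "password")
        if username and password:
            ok = check_directory(username.strip().lower(), password)
    except (ET.ParseError, ValueError, AttributeError):
        ok = False  # fail closed: malformed input never authenticates
    return REPLY % ("true" if ok else "false")

# Constructed sample request, as Salesforce would post it to the SSO URL.
SAMPLE = ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
          '<soapenv:Body><Authenticate xmlns="urn:authentication.soap.sforce.com">'
          '<username>alice@example.com</username><password>%s</password>'
          '<sourceIp>203.0.113.10</sourceIp></Authenticate>'
          '</soapenv:Body></soapenv:Envelope>')

if __name__ == "__main__":
    print(handle_authenticate(SAMPLE % "correct horse battery"))
    print(handle_authenticate(SAMPLE % "wrong"))
```

Because the user's password crosses this endpoint in clear text inside the request body, the SSO URL should be served over HTTPS only and the handler should never log the request body.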

Customers can choose to host Riva SSO on their internal resources or can use the instance of Riva SSO that is available in our Rackspace cloud hosted environment. Moving the SSO provider from our hosted service to your internal resources is a simple configuration change.

Related Forum Post

Omni has posted a related Riva Single Sign-on for Salesforce forum post with additional information.