Salesforce module difficulty logging in to Salesforce.com from Drupal

Hello,

I am working for a current Salesforce commercial client and we are integrating Salesforce with a new Drupal web site. For both their account and my developer account, authentication fails using the e-mail and password. I know that Salesforce protects against unauthorized access by IP-based whitelists, and I am wondering if this is the problem.

We have not received e-mails at either account noting a failed login, and am wondering if there is a place in the admin interface that I have missed and can enable the web site.

Thank you very much for any help you can provide,

Sincerely,

Benjamin Melançon

Agaric Design Collective
Open Source Free Software Web Development
http://agaricdesign.com/

Couple days passed, and when the response came we didn't quite connect...

Dear Benjamin,

Thank you for contacting Salesforce.com Support.

The purpose of whitelisting an IP address range is to allow for disaster recovery procedures with the Mirrorforce data backup centers and for future expansion.

There is no risk in white listing the specified range of IP addresses as Salesforce.com *OWNS* the range. It is not leased or shared in any way with any other organizations..

Salesforce.com moved from an IP address block sub-allocated by an ISP to a new address block allocated directly to salesforce.com by the American Registry for Internet Numbers (ARIN).

Salesforce.com strives to provide our customers with the best service possible. The MirrorForce data centers installations on the East and West Coast provide near real-time data replication and failover. Direct IP allocations make that possible.

In addition, direct IP allocations provide for:

-ISP Peering: The ability to select diverse peering to avoid congested networks.

-ISP Redundancy: The ability to easily expand beyond two network carriers

-IP Stability: The ability to maintain the same IP addresses with different network carriers.

The IP address spaces are as follows:

204.14.232.0/25 East Coast Data Center (set one)
204.14.233.0/25 East Coast Data Center (set two)
204.14.234.0/25 West Coast Data Center (set one)
204.14.235.0/25 West Coast Data Center (set two)

To clarify, the "0/25" that you see in the ranges does not refer to "0 - 25" or 26 IP addresses. It is network administration nomenclature which refers to the range of IP addresses from "0 - 127", so there is a total of 512 IP addresses.

If you have any further questions regarding this case, feel free to E-Mail me.

Thank You,

Support Representative
Salesforce.com

I was resolute, if without sleep or tact:

Dear Thomas,

I think you misunderstood my request / question. Our web site is not blocking yours. The login as a user, using the Drupal Salesforce integration module by Victor Kane ( http://drupal.org/project/salesforce ) is failing.

I suspect it may be because Salesforce.com is filtering *incoming* users by IP address. I know to get access to our client's site we had to have our computer or network or IP address blessed in Salesforce's eyes. I'm wondering if the same thing could be happening through the API.

Again, our web site is not blocking Salesforce. Our web site's login to salesforce (using a working user account) is failing.

Any thoughts?

Thank you,

benjamin

Agaric Design Collective
Open Source Free Software Web Development
http://agaricdesign.com/

Excellent and rapid response:

Dear Benjamin,

I do apologize on the miscommunication I had thought you were not receiving an email. The issue is a security token is needed when integrating. To access Salesforce via the API & Client Applications from locations outside of your company's Trusted Network (e.g.
Outlook Edition, Office Edition, Data Loader, Integrations, etc.) a Security Token will be required in combination with your password in the client applications.

Criteria for Security Token:Is this User / API call / client app logging in from an IP on the Trusted IP Range list?
Does this User have IP Login Restrictions on their profile?

Yes on either of these will mean a pass on Security Token requirement

Setup > Personal Setup > My Personal Information > Reset Security Token

Salesforce realizes that it cannot prevent users from giving away their credentials
in a phishing attack. However, Salesforce is trying to prevent the use of phished credentials via the API. In order to do this, Salesforce is implementing the use of security tokens. For security reasons, the Security Token is delivered to the email address
associated with the user record. To reset and resend your Security Token click
the "Reset Security Token" button in the Setup page.

NOTES:

The Security Token is a randomly generated, alpha numeric 25 character password. The Security Token is subject to any password policies configured by your administrator. The
Security Token password will be reset each time the standard user password is reset. At this time they will automatically receive an email with a new Security Token. This new Security Token may not be needed by the user at this time. It will only be needed if they intend to use the client applications from outside the Trusted IP Range.

If you have any further questions regarding this case, feel free to E-Mail me.

Thank You,

Support Representative
Salesforce.com

Resolution

Getting and Using the Salesforce Security Token

Extending access to Salesforce, letting more people - and sites - log in to a Salesforce account.

First, I went to Setup > Grant Login Access set "To assist you with support issues, your administrator may need to access your data using your login.
Your administrator will have login access until the expiration date you set below." to 2009. That may do it.

Second, I set the security token:

If you do not have or know what your Salesforce token is currently, you can set it by:

Going to Setup
and on that main page in the first section "My Personal Information"

click "Reset your security token"

It is then e-mailed to the main administrative e-mail address.

"A new security token has been sent to admin@example.com, which is the email address associated to your user.
Error: Invalid Data.
Review all error messages below to correct your data.

How to enter your security token:

When accessing Salesforce either via a desktop client or the API from outside of your company's trusted networks:

If your password = "mypassword"
And your security token = "XXXXXXXXXX"
You must enter "mypasswordXXXXXXXXXX" in place of your password

Note that you do not enter a security token in place of your password when logging into Salesforce via a browser."

The security token is: UYgPXXnotgonnasayXXNay1

Adding that to the password should /also/ do it!

Finally, I think what we may need to do however is get your IP address and put it in here-- or I guess I should have forwarded you the activation e-mail instead of clicking on the link, doh! If you request activation again I'll do that, or maybe the IP range approach will be more convenient for you:

"The list below contains IP address ranges from sources that your organization trusts. Users logging in to Salesforce with a browser from trusted networks are allowed to access Salesforce without having to activate their computers.
Trusted IP Ranges

Start IP AddressSorted Ascending End IP Address ISP Organization Geography"