salesforce ip ranges whitelisting

Hi there,
If salesforce ip ranges are whitelisted on my company's network, does it mean it opens the door for all Salesforce applications to access to my company's network?
If yes, how to limit only my salesforce org's application to access?

thanks,
David

May 5, 2016
·
Answer
·
Like
0
·
Follow
1

Daniel Ballinger
It means that the Salesforce servers with the trusted IPs can send traffic to the servers in your company that have been exposed. I'm not a network engineer, but my understanding is you typically just expose the web servers that host the web services to those IP addresses. It shouldn't be possible for the Salesforce servers to send requests to any IP address on your companies network.

It terms of the web services that you expose to those IP addresses, you can check that the expected Salesforce client certificate is being used. I'll also often include the OrgId and session details in the request. I can then call back to Salesforce to verify that the session is valid and that the OrgId is from an allowed company. A Connected Canvas App can also use a Signed Request to verify it's identity to the web service.

See also:
Considerations for Security (https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_om_outboundmessaging_security.htm)
What are the Salesforce IP Addresses & Domains to whitelist? (https://help.salesforce.com/apex/HTViewSolution?id=000003652)
Signed Request Authentication (https://developer.salesforce.com/docs/atlas.en-us.platform_connect.meta/platform_connect/canvas_app_signed_req_authentication.htm)

May 5, 2016
·
Like
0
·
Dislike
0

You need to sign in to do that.

Need an account? Sign Up

Have an account? Sign In

Dismiss

Browse by Topic

Welcome to Support!

Show

sorted by

salesforce ip ranges whitelisting

You need to sign in to do that.