Our client is looking to roll out 1100 iPad devices that will communicate with both internal web services and salesforce.com web services outside the corporate firewall with these additional specifications:

1. The salesforce service must be able to identify the end user to achieve data security requirements
2. It is desired to only require the user to enter/manage one set of credentials (EnterpriseWindows Active Directory)
3. It is desired to not require the user to go through the activation email process to confirm their identity
4. Current security requirements dictate that access to salesforce be restricted from any unknown/outside IP.

Delivering all of these requirements does not seem plausible given my understanding of the Salesforce API constraints. Any other folks out there have similar authentication challenges for enterprise customers?

Our client is looking to roll out 1100 iPad devices that will communicate with both internal web services and salesforce.com web services outside the corporate firewall with these additional specifications:

1. The salesforce service must be able to identify the end user to achieve data security requirements
2. It is desired to only require the user to enter/manage one set of credentials (EnterpriseWindows Active Directory)
3. It is desired to not require the user to go through the activation email process to confirm their identity
4. Current security requirements dictate that access to salesforce be restricted from any unknown/outside IP.

Delivering all of these requirements does not seem plausible given my understanding of the Salesforce API constraints. Any other folks out there have similar authentication challenges for enterprise customers?