Salesforce provides a number of security mechanisms for protecting Org data.  The ability to limit the IP addresses that a user can log in from based on their Profile is a key one.  

Article outline

  • Prerequisites

  • Adding IPs to the Login IP ranges

  • EU instance

  • US instance

  • Session Settings and Enforce login IP ranged on every request

  • Session Settings and Lock sessions to the IP address from which they originated

  • You might be also interested in

Prerequisites

  • You have to have Space Admin right to amend Salesforce session settings and login IP ranges

Adding IPs to the Login IP ranges

If Login IP ranges are set up for the profile of the Salesforce user who is authenticated, then 3 additional IPs have to be added to the IP range.  The reason for this is that Elements is logging in as the user from the Elements Servers.

EU instance

If you are using our EU based instance (app.q9elements.com) the IPs are:

  • 52.17.196.12

  • 52.50.27.226

  • 52.48.228.227

US instance

If you are using our US based instance (app.us.elements.cloud) the IPs are:

  • 3.131.180.82

  • 3.131.235.22

  • 3.22.244.150

Session Settings and Enforce login IP ranged on every request

In the Session Settings (in the Org Setup) there is an option called "Enforce login IP ranges on every request".  If this is checked on, then as the name implies the IP is checked on every request, not just at login.

Because the Elements package makes REST API calls from Salesforce but executing under the user account that the sync runs under, the IP address is not the Elements one that the Salesforce server is running under.  The Salesforce IP addresses need to added to the Login IP range for the profile.  The IP addresses can be found in this Salesforce article: https://help.salesforce.com/articleView?id=000003652&type=1

Session Settings and Lock sessions to the IP address from which they originated 

There is another setting that effects the sync from Salesforce to Elements.  If the setting "Lock sessions to the IP address from which they originated" is checked the sync will fail. With this item checked, it is not possible to run the sync. 

You might also be interested in this Salesforce article to understand this subject better:

https://help.salesforce.com/articleView?id=000335524&type=1&mode=1

Did this answer your question?