Salesforce provides a number of security mechanisms for protecting Org data. The ability to limit the IP addresses that a user can log in from based on their Profile is a key one.
Article outline
Prerequisites
Adding IPs to the Login IP ranges
EU instance
US instance
Session Settings and Enforce login IP ranged on every request
Session Settings and Lock sessions to the IP address from which they originated
You might be also interested in
Prerequisites
You have to have Space Admin right to amend Salesforce session settings and login IP ranges
Adding IPs to the Login IP ranges
If Login IP ranges are set up for the profile of the Salesforce user who is authenticated, then 3 additional IPs have to be added to the IP range. The reason for this is that Elements is logging in as the user from the Elements Servers.
EU instance
If you are using our EU based instance (app.q9elements.com) the IPs are:
52.48.58.152
54.195.73.17
54.195.136.141
US instance
If you are using our US based instance (app.us.elements.cloud) the IPs are:
3.131.180.82
3.131.235.22
3.22.244.150
Session Settings and Enforce login IP ranged on every request
In the Session Settings (in the Org Setup) there is an option called "Enforce login IP ranges on every request". If this is checked on, then as the name implies the IP is checked on every request, not just at login.
Because the Elements package makes REST API calls from Salesforce but executing under the user account that the sync runs under, the IP address is not the Elements one that the Salesforce server is running under. The Salesforce IP addresses need to added to the Login IP range for the profile. The IP addresses can be found in this Salesforce article: https://help.salesforce.com/articleView?id=000003652&type=1
Session Settings and Lock sessions to the IP address from which they originated
There is another setting that effects the sync from Salesforce to Elements. If the setting "Lock sessions to the IP address from which they originated" is checked the sync will fail. With this item checked, it is not possible to run the sync.
You might also be interested in this Salesforce article to understand this subject better: