Salesforce IP Range and Domain Whitelisting
Hi All,
During an integration with a 3rd party system, I have come across the issue, "Whitelisting the Salesforce IP Ranges and Domains".
A Salesforce knowledge article lists several IP ranges (e.g. 182.50.78.5 - 182.50.78.15, one of the APNIC ranges) to be whitelisted.
Here is my question: if the given (by Salesforce) IPs (182.50.78.5 - 182.50.78.15) are whitelisted, all the organisations (Salesforce Orgs) that lie in AP (Salesforce Asia Pacific Server), and whichever organisation (Salesforce Org) uses the same IP range to communicate with other systems, can have access to our Server as well.
Hence, there is a loophole and our Server firewall is exposed to all Salesforce Orgs. This will not actually work and is not the right approach.
We have to make sure that the request is coming from an authorized Salesforce Org. Is there anything we can get like a specific IP for one Salesforce Organisation? Something like this is necessary to make the integration successful.
Please suggest me a good solution.
Is it possible to whitelist the Custom Domain Name "<mydomain>.my.salesforce.com"?
Regards,
Saravana.
Because, in Salesforce, you need to whitelist the 3rd Party System's IP address and URL, not the Salesforce IP Addresses and URLs.
If your 3rd party system allows custom domain URLs to be whitelisted, your "MyDomain" would be the ideal URL to whitelist (along with the IP Block of the server of course).
If it's an integration then you will add your external URL in the remote site (requests from that HTTPS will be accepted), and if the login method is password/JWT/OAuth 2.0 then you will provide the security token to get the access token. So there is no loophole in the login mechanism and in accessing your APIs in an SFDC integration.
Whitelisting the IP will avoid rerouting to a rogue website and prevents any internet traffic intended for Salesforce, but we still need to prove ourselves by providing the required credentials (as per your org login policy) to access the SFDC org.
For example, we have whitelisted an IP of my office network in my org, so whenever I log in from the office network it won't trigger a code (4 digit) to email in order to prove myself, but when I do the same from my home network it will trigger. I need to provide my credentials in both scenarios.
Regards,
GM
To get rid of this you have to whitelist all the IPs from the systems of the APIs. For more, please refer to the URL below.
https://help.salesforce.com/articleView?id=000003652&type=1
Thanks !
Yeah, I'm talking about whitelisting the Salesforce Domain name or IP Ranges in a 3rd Party system (.NET, Java, etc.)
Have you ever done domain whitelisting in 3rd party system's Server?
Regards,
Saravana.
If this 3rd Party application is installed On-Premise within your network, your IT team should be able to help you.
For cloud-based off-premise applications, your service providers should be able to help you out.
Can you tell me which is this 3rd Party application you are talking about?
I am facing the same issue. Can you share what approach you took to work around whitelisting all IP addresses?
Thanks,
Sameer S. Matale
Also, don't forget that your server system needs also to prove they are who the client system thinks they are. SSL is the go-to mechanism here: the server certificate proves that the server is what their DNS name (e.g. api.mythirdpartyapi.com) says they are. Without this, the client risks giving their credentials to an untrusted party.
Additionally, you should run penetration testing on your API to make sure that there are no ways to circumvent the authentication and get access to the system without having a valid cert/key/password.
This is not unique to Salesforce, obviously; it applies whenever you integrate two systems.
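Added example, not part of the thread or any poster's code: a Python version of the receiving server's check, showing that the IP range quoted in the question admits every org sharing it, while a per-org key (one form of the "cert/key/password" mentioned above) identifies the caller. The org IDs, secrets and the HMAC signing scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

# Range quoted in the thread, converted to CIDR blocks for membership tests.
SF_RANGE = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("182.50.78.5"), ipaddress.ip_address("182.50.78.15")))

# Constructed per-org secrets (hypothetical org ids and keys).
ORG_KEYS = {"00D000000000001": b"constructed-secret-for-our-org"}


def ip_allowed(src_ip):
    """Network-layer filter: true for ANY Salesforce org sharing the range."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in SF_RANGE)


def sign(key, body):
    """What the authorized caller computes and sends alongside the body."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def authorize(src_ip, org_id, body, signature):
    """Return (allowed, reason). The IP is a pre-filter; the key proves identity."""
    if not ip_allowed(src_ip):
        return False, "source IP outside allowlisted range"
    key = ORG_KEYS.get(org_id)
    if key is None:
        return False, "unknown org"
    # Constant-time comparison avoids leaking how much of the value matched.
    if not hmac.compare_digest(sign(key, body), signature):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    body = b'{"event":"order.created"}'  # constructed sample payload
    good = sign(ORG_KEYS["00D000000000001"], body)
    # Our org, from an allowlisted address.
    print(authorize("182.50.78.10", "00D000000000001", body, good))
    # Another org on the same shared range, without our key.
    print(authorize("182.50.78.10", "00D000000000002", body, "0" * 64))
    # Valid signature, but traffic from outside the range.
    print(authorize("203.0.113.7", "00D000000000001", body, good))
```
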