Showing results for 
Search instead for 
Did you mean: 

IP Issue with Custom Connector for Salesforce

Due to my company using SSO (Single Sign On) for Salesforce, i've had to create a Custom Connector to connect to our Salesforce org as the out of the box Salesforce Connector cannot perform SSO. When I test the connection, the initial connection succeeds, but any GET requests (Operations) I make with it to obtain data fail. I've isolated the issue to the following Salesforce Session Security Setting:





If I temporarily disable this setting, all of the GET requests succeed. If I turn it back on, they fail. I switched it on and off a few times to confirm (it is currently back to on). I believe the fundamental issue is that the Microsoft Cloud Infrastructure isn't necessarily using the same machine/IP to login that it does to perform the actual GET requests. This setting in Salesforce helps with mitigating session hijacking attempts. Here is a specific high-level summary that Salesforce provides for it:



My problem is that my company is not able to disable this security setting, due to the high number of attacks that have targeted us previously. 


Has anyone encountered this issue before with other Connectors, and if so, how did you mitigate it? I'm curious to test if the OOTB Salesforce Connector also has this issue, but of course can't test it myself as our org only does SSO. Any and all help appreciated; thanks!



If IP Whitelist option is available that would be the simplest route to take. Here is a similar thread on this topic. Here is a documentation that lists the public apis:

Depending on your need some other options are available as well.


Please take a look at these options and let me know if you have more questions.


If this reply answers your question or solves your issue, please ACCEPT AS SOLUTION ☑️. If you find this reply helpful, please consider giving it a LIKE 👍.

You can also route all your traffic through a VNET to scrub the IP to whatever you want. I have used that in the past where clients wish to only whitelist a small set of IPs for connecting to {insert system name here} and do not want to allow a large range of IPs. 

Hello Syndicate Admin,


Thank you for the quick reply. I did try to whitelist these IP ranges, but it did not resolve my issue. I think the fundamental issue here is that the Custom Connector is establishing a connection from one IP address, but then performing Operations (GET Requests) from a different IP address while trying to use the same Session ID. The Salesforce Security Control is blocking this because it looks like session hijacking. My customer is not able to disable this setting due to the high number of attacks that our organization receives. I'm wondering if there's a way to specify to PowerApps to direct all traffic through a single IP?



Thank you for the helpful response. If I am unable to resolve this issue through the platform directly, this approach would be a viable alternative. My customer is asking me to attempt to resolve it with Microsoft directly, but if I end up not being able to do that I will definitely accept this as the solution.



Can you please list the ip address that the connection came from and the the ones which was used for calls? Here is the list of connector ip addresses:

Do any of these match the get call?


Which region are you located at? Can you please give me the client request id or run id?

Helpful resources

Process Advisor

Introducing Process Advisor

Check out the new Process Advisor community forum board!

MPA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

V3_PVA CAmpaign Carousel.png

Community Challenge - Giveaways!

Participate in the Power Virtual Agents Community Challenge

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

Top Solution Authors
Top Kudoed Authors
Users online (3,238)