Oracle Identity Cloud Service Integration with Oracle Eloqua Marketing Cloud Service
Oracle launched its Identity Cloud Service (IDCS) in the fall of 2016. IDCS is built on a microservice architecture, which aligns with the cloud principles of scalability, elasticity, resilience, ease of deployment, functional agility, technical adoption, and organization alignment. Moreover, IDCS is intended to provide a set of hybrid identity features that maintain a single identity for each user across on-premises and cloud services, while delivering a seamless user experience.
This blog is the first of a multi-part series that will focus on providing insights and common use cases for IDCS. In this post, we will discuss how an integration with IDCS can simplify user authentication and single-sign-on capabilities for Oracle Eloqua Marketing Cloud Service. This blog post highlights the federation capability of IDCS.
High-Level Integration Steps
IDCS–Oracle Eloqua integration can be achieved using the following steps:
Step 1: Upload users in Oracle IDCS via CSV import.
Step 2: Create users in Oracle Eloqua Marketing Cloud Service.
Step 3: Extract Identity Provider Metadata from IDCS and import to Oracle Eloqua Marketing Cloud Service.
Step 4: Extract Service Provider Metadata from Oracle Eloqua Marketing Cloud Service and import it into IDCS.
Step 5: Test the login.
In general, these high-level steps will remain the same for IDCS integration with any other Oracle Cloud Product.
Detailed Steps
The details of each step are listed below.
Step 1: Upload users in Oracle IDCS via CSV import.
a. Create a CSV file. A sample CSV file can be found in the Oracle documentation.
b. Log in to IDCS.
c. Click on the Users tab.
d. Click on the Import button.
e. Click the Browse button.
f. Select UserImport.csv.
g. Click the Import button.
h. User import completed.
i. Click on the Job tab and verify the user import status.
j. Click on the User tab and validate the created users.
Step 2: Create users in Oracle Eloqua Marketing Cloud Service.
a. Log in to Oracle Eloqua Marketing Cloud Service.
b. The Oracle Eloqua Marketing Cloud Service home page is displayed.
c. Click on Contact from the Audience tab.
d. Click the Upload button.
e. Select the CSV file.
f. Click the cloud to upload the file.
g. Select the file that contains the users which need to be created in Oracle Eloqua Marketing Cloud Service.
h. Validate the user details and click the Next Step button.
i. Click the Next Step button.
j. Select the root folder.
k. Click the Finish button.
l. The user is created.
Step 3: Extract Identity Provider Metadata from IDCS and import to Oracle Marketing Cloud.
Follow the steps below to extract metadata from IDCS.
a. Log in to IDCS: https://xxxxx.identity.oraclecloud.com/fed/v1/Metadata
b. Enter user name and password to log in.
c. Click on the file menu and select Save As.
d. Enter the name of the file and click the Save button.
Follow the steps below to Import Metadata to Oracle Eloqua Marketing Cloud Service.
a. Log in to Oracle Eloqua Marketing Cloud Service: https://login.eloqua.com/
b. Click the Settings icon in the upper right corner of the screen.
c. Click on View Users.
d. Click the Single Sign-On tab, then click on Identity Provider Settings.
e. The Identity Provider Management dashboard is displayed.
f. Click on the Upload Identity Provider from Metadata button.
g. Enter the name of the Identity Provider and select the extracted IDCS file.
h. Click the Open button.
i. Click the Save button.
Step 4: Extract Service Provider Metadata from Oracle Eloqua Marketing Cloud and import to IDCS.
Extract Service Provider Metadata from Oracle Eloqua Marketing Cloud.
a. Log in to Oracle Eloqua Marketing Cloud Service: https://login.eloqua.com/. Click on the Settings icon in the upper right corner.
b. Click on View Users.
c. Click the Single Sign-On tab, then click on Identity Provider Settings.
d. The Identity Provider Management dashboard is displayed.
e. Click on the IDCS Metadata link and note the following values. Also, download the signing certificate.
- logoutRequestUrl
- partnerProviderId
- assertionConsumerUrl
f. Click the Single Sign-On tab, then click on Certificate Setup.
g. Click on Service Provider Certificate for IDCS Metadata.
h. Click the Download button.
i. Finish.
Importing Oracle Eloqua Marketing Cloud Service SP Metadata into IDCS.
Currently, IDCS does not offer a UI for adding Service Provider metadata or for making similar changes to SAML settings. This functionality is exposed through REST APIs, so such additions and changes are made with curl commands or a REST client.
For example, the Poster plugin can be used as a REST client for these operations.
Importing Service Provider Metadata to IDCS is a two-step process.
a. Obtain an access token from IDCS as an admin user.
URL: IDCS token service endpoint
Headers: Authorization
Operation: POST
Data: admin user, password, scope
Example:
b. Use the above access token to invoke the REST API.
URL: IDCS token service endpoint
Headers: Authorization
Operation: POST
Data: Details populated with service provider SCIM schema
Step 5: Test the login.
a. Log in to Oracle Eloqua Marketing Cloud Service: https://login.eloqua.com/
b. Click Sign in with SSO or another account, enter the company name, and click the Sign In button.
c. The page should be redirected to the IDCS login.
d. Enter IDCS username and password.
e. User is now logged in to Eloqua Marketing Cloud successfully!
Finally, follow these steps to verify the underlying SAML Exchange.
a. Behind the scenes, the Eloqua service provider sends a signed authentication request to IDCS (which can be seen in the SAML tracer plugin in Chrome).
b. IDCS Identity Provider sends a signed assertion response confirming the user’s identity.
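The check on the authentication request can also be scripted. The following is an added example, not part of the original post: it decodes a SAMLRequest copied from SAML tracer and compares it with the partnerProviderId and assertionConsumerUrl noted in Step 4. It assumes the HTTP-Redirect binding (base64 over raw DEFLATE), uses constructed placeholder values throughout, and only confirms that signature parameters are present; it does not validate the signature.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Stand-ins for the values noted in Step 4 and the tenant host (constructed placeholders).
EXPECTED = {
    "partnerProviderId": "https://sp.example.com/placeholder-provider-id",
    "assertionConsumerUrl": "https://sp.example.com/placeholder/acs",
    "idp_host": "xxxxx.identity.oraclecloud.com",
}


def build_sample_url(acs_url, signed=True):
    """Constructed redirect-binding URL standing in for one copied from SAML tracer."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0" '
        f'Destination="https://{EXPECTED["idp_host"]}/placeholder/sso" '
        f'AssertionConsumerServiceURL="{acs_url}">'
        f'<saml:Issuer>{EXPECTED["partnerProviderId"]}</saml:Issuer></samlp:AuthnRequest>'
    )
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    params = {"SAMLRequest": base64.b64encode(deflater.compress(xml.encode()) + deflater.flush()).decode()}
    if signed:  # placeholder signature value; it is not cryptographically valid
        params.update(SigAlg="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", Signature="Y29uc3RydWN0ZWQ=")
    return f'https://{EXPECTED["idp_host"]}/placeholder/sso?' + urlencode(params)


def check_authn_request(url, expected=EXPECTED):
    """Decode SAMLRequest and list mismatches against the values noted during setup."""
    query = parse_qs(urlparse(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    req = ET.fromstring(zlib.decompress(raw, -15))
    findings = []
    if req.tag != SAMLP + "AuthnRequest":
        findings.append("not an AuthnRequest")
    if (req.findtext(SAML + "Issuer") or "").strip() != expected["partnerProviderId"]:
        findings.append("Issuer does not match partnerProviderId")
    acs = req.get("AssertionConsumerServiceURL")  # optional attribute in an AuthnRequest
    if acs is not None and acs != expected["assertionConsumerUrl"]:
        findings.append(f"unexpected AssertionConsumerServiceURL: {acs}")
    if urlparse(req.get("Destination", "")).hostname != expected["idp_host"]:
        findings.append("Destination is not the IDCS tenant")
    if not query.keys() >= {"Signature", "SigAlg"}:
        findings.append("request carries no Signature/SigAlg parameters")
    return findings
```

An empty list means the request matches the recorded configuration; a request sent over the HTTP-POST binding is base64 only and carries its signature inside the XML, so it needs a different decoder.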
Concluding Remarks
Here, we saw how simple and easy it is to on-board a cloud application for federation. The frustrations of on-premises solutions, such as acquiring hardware, setting up the load balancer, and installing and configuring components, can be avoided. The cloud instance is available to everyone from day one, unlike the on-premises solution, which required months to prepare the environment.
Oracle Identity Cloud Service provides a comprehensive IAM platform, built on modern cloud principles, that organizations can use to simplify interactions with business partners and customers.