Eloqua

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) using SAML and provisioning for Oracle Eloqua.

About Eloqua

Oracle Eloqua enables marketers to plan and execute campaigns while delivering a personalized customer experience for their prospects.

After integrating Eloqua with Oracle Identity Cloud Service:

  • Users can access Eloqua using their Oracle Identity Cloud Service login credentials.
  • Users can start Eloqua using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the Eloqua app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • An Eloqua account with authorization rights to configure federated authentication.
  • An Eloqua service account (added to the Customer Administrator and Everyone security groups) to manage user accounts in Eloqua through Oracle Identity Cloud Service.
  • Identity Provider metadata. Use the following URL to access the metadata: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata.

Configuring SSO for Eloqua

Use this section to configure SSO in Eloqua with Oracle Identity Cloud Service.

Configuring an Identity Provider

  1. Log in as an administrator to: https://login.eloqua.com/

  2. Click the Settings icon.

  3. On the Settings page, click Users from the Users and Security section.

  4. Click the Single Sign-On menu, and then select Identity Provider Settings.

    Image img1.png displays the Eloqua User main page with the Single Sign-On menu highlighted and opened and Identity Provider Settings highlighted.

  5. On the Identity Provider Management page, click Upload Identity Provider from Metadata, and then follow the on-screen instructions.

  6. Enter a name for the identity provider settings, and then upload the Identity Provider metadata file that you downloaded in the “What Do You Need” section.

  7. Click Save. The uploaded IdP information appears.

  8. Click Edit at the bottom of the page. The Edit Identity Provider Details page appears.

  9. Verify that Protocol Binding is set to HttpPost.

  10. Select Sha256 from the Signature Algorithm drop-down list box.

  11. Verify that User Identity Location is set to The user identity is located in an assertion subject’s name identifier.

  12. Select Assertion contains the Username from the User object in the User Identity Mapping section, and then click Save. The Identity Provider Details page appears with the settings that you just configured.

  13. Click Download at the bottom of the page to download the SP metadata information. You need the following information from this file while configuring Eloqua in Oracle Identity Cloud Service.

    Image img1.png displays a sample SP metadata file with the entityID highlighted and the x509Certificate highlighted.

    The entityID URL in the metadata file has the following format: https://login.eloqua.com/auth/saml2/idp2/{siteId}/{identityProviderId}

    In the metadata file sample:
    • The Site Id of the entityID is 561407682.
    • The Identity Provider ID of the entityID is F568F44F86E94F398E04D797C33FDA51.
    • The signing certificate in the metadata file appears as the X509Certificate value. Use this value to create the certificate file that you must upload later in the “Registering and Activating the Eloqua Application” section.

Saving the X509 Certificate in PEM Format

Use this section to convert the X509Certificate value into a format that is suitable for Oracle Identity Cloud Service.

  1. In the SP metadata file, locate <X509Certificate> under <md:KeyDescriptor use="signing">.

  2. Copy the value between the <X509Certificate> and </X509Certificate> to a text file.

  3. Add -----BEGIN CERTIFICATE----- at the beginning of the file.

  4. Add -----END CERTIFICATE----- at the end of the file.

    Image img3.png displays the .cer file contents after manually converting to PEM format.

  5. Save and change the file extension to .cer.
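The manual steps above can also be scripted. The following Python sketch is an added example, not part of the original Oracle procedure: it reads the SP metadata, splits the entityID into Site ID and Identity Provider ID, accepts only the certificate under the signing KeyDescriptor, and returns it in PEM form with a SHA-256 fingerprint. It assumes the standard SAML metadata and XML-DSig namespaces and an EntityDescriptor root element; the sample certificate body is constructed placeholder data.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# entityID layout documented above: .../idp2/{siteId}/{identityProviderId}
ENTITY_ID = re.compile(
    r"https://login\.eloqua\.com/auth/saml2/idp2/(?P<site_id>[^/]+)/(?P<idp_id>[^/]+)")

def parse_sp_metadata(xml_text):
    """Return site ID, IdP ID, PEM certificate and SHA-256 fingerprint."""
    root = ET.fromstring(xml_text)
    match = ENTITY_ID.fullmatch(root.get("entityID", ""))
    if match is None:
        raise ValueError("entityID does not have the documented Eloqua format")
    # Take only the certificate under KeyDescriptor use="signing" (step 1).
    node = root.find(".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no signing X509Certificate in metadata")
    b64 = "".join(node.text.split())            # drop line breaks and indentation
    der = base64.b64decode(b64, validate=True)  # rejects non-base64 characters
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    return {"site_id": match["site_id"], "idp_id": match["idp_id"],
            "pem": pem, "sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample: the IDs are the ones quoted on this page; the certificate
# body is placeholder bytes, not a real certificate.
SAMPLE_DER = bytes(range(100))
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://login.eloqua.com/auth/saml2/idp2/561407682/F568F44F86E94F398E04D797C33FDA51">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    info = parse_sp_metadata(SAMPLE_METADATA)
    print("Site ID:", info["site_id"])
    print("Identity Provider ID:", info["idp_id"])
    print("SHA-256 fingerprint:", info["sha256"])
```

Write the returned pem value to a .cer file for upload, and keep the fingerprint so that a later metadata download can be checked against the certificate that was originally registered.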

Configuring Eloqua in Oracle Identity Cloud Service

Use this section to register and activate the Eloqua app and to enable provisioning for Eloqua. You can then assign users or groups to Eloqua and start the user provisioning process.

Note: The Synchronization feature is currently not supported for Eloqua. However, you can manually import user accounts from Eloqua in Oracle Identity Cloud Service by using a flat file. For details, see the "Creating a Flat File for Manually Importing User Accounts from Eloqua" section.

Registering and Activating the Eloqua Application

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for Eloqua, and then click Add.

  4. In the App Details section, enter the Identity Provider ID and Site ID for Eloqua. The Identity Provider ID and Site ID are located in the SP metadata that you downloaded in the “Configuring an Identity Provider” section.

  5. Verify that the Display in My Apps check box is selected, and then click Next.

  6. Click Upload, locate the signing certificate that you converted to PEM format in the "Saving the X509 Certificate in PEM Format" section, and then click Open.

  7. Click Next to enable provisioning for Eloqua. See the "Enabling Provisioning for Eloqua" section.

  8. After you enable provisioning, click Finish. Oracle Identity Cloud Service displays a confirmation message.

  9. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Enabling Provisioning for Eloqua

Use this section to enable provisioning for managing user accounts in Eloqua through Oracle Identity Cloud Service.

  1. On the Provisioning page, select Enable Provisioning.

  2. Use the table to enter values for establishing a connection with Eloqua through Oracle Identity Cloud Service:

    This table lists the parameters that Oracle Identity Cloud Service requires to connect to Eloqua.

    | Parameter | Value |
    |---|---|
    | Site Name\Administrator Username | Enter the value in the "Site Name\Administrator Username" format. In this format, replace Site Name with the company name that you specified while logging in to Eloqua. Replace Administrator Username with the Eloqua service account user name. For example: "idcsApp\example.username" |
    | Administrator Password | Enter the Eloqua service account password. |
    | Host Name | Enter the host name of the server that is hosting Eloqua. For more information on determining the host name, see the Determining base URLs section in REST API for Oracle Eloqua Marketing Cloud Service. |

  3. Click Test Connectivity to verify the connection with Eloqua. Oracle Identity Cloud Service displays a confirmation message.

  4. To view predefined attribute mappings between the user account fields defined in Eloqua and the corresponding fields defined in Oracle Identity Cloud Service, click Attribute Mapping, and then click OK.

    Note: To add a new attribute for provisioning, click Add Attribute, specify the attributes in the User and Eloqua Account columns, and then click OK. For example, if you want to add the User Name field, enter $(user.userName) in the User column, and then select the corresponding field from the drop-down list in the Eloqua Account column.

  5. Specify the provisioning operations that you want to enable for Eloqua:

    Note: By default, the Create Account, De-activate Account, and Delete Account check boxes are selected.

    Create Account: Automatically creates an account in Eloqua when Eloqua access is granted to the corresponding user in Oracle Identity Cloud Service.

    De-activate Account: Automatically activates or de-activates an account in Eloqua when the corresponding user is activated or de-activated in Oracle Identity Cloud Service.

    Delete Account: Automatically deletes an account from Eloqua when Eloqua access is revoked from the corresponding user in Oracle Identity Cloud Service.

You can now manage Eloqua accounts through Oracle Identity Cloud Service. For more information on performing provisioning tasks, see the Managing Oracle Identity Cloud Service Users and Managing Oracle Identity Cloud Service Groups sections in Administering Oracle Identity Cloud Service.

Creating a Flat File for Manually Importing User Accounts from Eloqua

Use this section to download user data from Eloqua and create a compatible flat file for manually importing user accounts in Oracle Identity Cloud Service.

  1. Log in as an administrator to Eloqua. The home page appears.

  2. Click the Settings icon.

  3. Click Users from the Users and Security section.

  4. From the Users drop-down list, select Download Users. The Download Users page appears.

  5. From the Export drop-down list, select Export To Excel. The Export To Excel page appears and the download process is initiated. After the download is complete, the Excel file is stored on your local system. This file holds data for all of the User attributes available in Eloqua.

  6. Create a new CSV file, add ID, NAME, and ACTIVE column headers, and then copy corresponding data from the file (downloaded in Step 5) based on the mappings described in the following table:

    This table provides the mapping details, description, and sample values for the Eloqua User attributes.

    | Attribute | Map To | Description | Sample Value |
    |---|---|---|---|
    | ID | User Name | Unique identifier | abc.user@sampleapp.com |
    | NAME | User Name | Account name | abc.user@sampleapp.com |
    | ACTIVE | User Enabled | Account status | true |

    You can now use this CSV file to import user accounts into Oracle Identity Cloud Service. For more information on performing this task, see the Importing User Accounts from a Flat File Using REST APIs section in Administering Oracle Identity Cloud Service.

Verifying the Integration

Use this section to verify that SSO and single log-out (SLO) work when initiated from Oracle Identity Cloud Service (IdP Initiated SSO and IdP Initiated SLO) and Eloqua (SP Initiated SSO and SP Initiated SLO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Console: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole

  2. Log in using credentials for a user that is assigned to the Eloqua app. Oracle Identity Cloud Service displays a shortcut to Eloqua under My Apps.

  3. Click Eloqua. The Eloqua home page appears.

  4. On the Eloqua home page, confirm that the user that is logged in is the same for both Eloqua and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from Eloqua

  1. Access Eloqua at: https://login.eloqua.com/

  2. Click Sign in with SSO or another account. You are prompted to sign in using your company credentials.

  3. Enter the Company name and click Sign In. The Oracle Identity Cloud Service Sign In page appears.

    Note: When there are multiple identity providers, select the appropriate identity provider, and then click Sign In.

  4. Log in using credentials for a user that is assigned to the Eloqua app. The Eloqua home page appears.

  5. On the Eloqua home page, confirm that the user that is logged in is the same for both Eloqua and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Eloqua works.

Verifying Identity Provider Initiated SLO

  1. On the Oracle Identity Cloud Service home page, click the user name in the upper-right corner, and then select Sign Out from the drop-down list.

  2. Access the user profile in Eloqua, and then confirm that the login page appears.

    This confirms that SLO works and that the user is no longer logged in to Eloqua and Oracle Identity Cloud Service.

Verifying Service Provider Initiated SLO

  1. On the Eloqua home page, click the user icon in the upper-right corner, and then select Logout from the drop-down list.

  2. Click OK at the confirmation message that displays.

  3. Access the Oracle Identity Cloud Service My Console, and then confirm that the login page appears.

    This confirms that SLO works and that the user is no longer logged in to Eloqua and Oracle Identity Cloud Service.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Eloqua Service displays the error, "Your user is unknown."

Cause: The email attribute sent to Oracle Identity Cloud Service during SSO doesn't match any existing user in Eloqua.

Note: The above error message is displayed when debug mode is enabled. When debug mode is disabled, the error message is: "Your request either didn't include a SAML response or the SAML response was malformed."

Solution: Check your SSO configuration and ensure that the user that you assign to the Eloqua app has an account in both Oracle Identity Cloud Service and Eloqua service with the same email address.

Oracle Identity Cloud Service displays the message "You are not authorized to access the app. Contact your system administrator".

Cause 1: The administrator revokes access for the user at the same time that the user tries to access the Eloqua app using Oracle Identity Cloud Service.

Solution 1: Access the Oracle Identity Cloud Service administration console, select Applications, Eloqua, Users, and then click Assign to re-assign the user.

Cause 2: The SAML 2.0 integration between the Oracle Identity Cloud Service and Eloqua is deactivated.

Solution 2:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then Eloqua.
  • Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.