Identity provider settings
The following table describes the identity provider settings for enabling single sign-on in Oracle Eloqua. If supported by your identity provider, you can download the SAML metadata that contains some of these settings, including the identity provider’s signing certificate. Learn more about creating an identity provider.
Note: All settings are case sensitive. If you do not configure a setting exactly as it is prescribed by your identity provider, single sign-on will not function.
Field | Description |
---|---|
Name | A descriptive name of the identity provider. |
Login URL | The URL where Oracle Eloqua sends a SAML request to start the user login. This is configured for you if you use the SAML metadata from your identity provider. |
Logout URL | The destination URL to direct a single logout request when using SAML single logouts. Use this only if your identity provider supports SAML single logout. Your identity provider's SAML metadata might include the logout URL. If not, you must gather this from the identity provider. |
Protocol Binding | The binding mechanism your identity provider requests for SAML messages. SAML bindings define how the SAML protocols map to the type of transport used. This can be either: We recommend using HTTP POST binding. This is configured for you if you use the SAML metadata from your identity provider. |
Identity Provider Entity | The entity ID of the identity provider. This is configured for you if you use the SAML metadata from your identity provider. |
Identity Provider Certificate | The authentication certificate issued by the identity provider. This is configured for you if you use the SAML metadata from your identity provider. Otherwise, you must upload this certificate. |
Signature Algorithm | The signature encryption method used by the identity provider. The default is SHA-1 but you can change this if required by your identity provider. |
Service Provider Certificate | The authentication certificate issued by Oracle Eloqua. Oracle Eloqua generates this certificate when you save the service provider or upload the SAML metadata. The encryption method used for the certificate depends on the signature algorithm specified. |
Service Provider Entity | A unique ID identifying the Oracle Eloqua service provider. This is generated by Oracle Eloqua and each identity provider configuration has a unique service provider entity ID in the form |
Service Provider Logout URL | A unique SSO logout URL. This is generated by Oracle Eloqua and you will use it if you set up single logout. The last part of the URL is a unique ID for this identity provider. |
ACS URL | The assertion consumer service (ACS) URL. This is the Oracle Eloqua endpoint to which the identity provider redirects with its authentication response. The URL is either: |
User Identity Location | The location in the SAML assertion identifying the user. This can be either: Typically, the identity location is in the subject. |
User Identity Mapping | The element in a SAML assertion that identifies a user. This is what links the user between Oracle Eloqua and your identity provider. We recommend linking using email address or federation ID. Whichever you choose, you must make sure that the Oracle Eloqua user account is set up with the ID used by your identity provider. For example, if you select email address, set up the Oracle Eloqua user account with the email address used by the identity provider. For more on setting up user accounts, see Setting up SSO users. The following options are available: |
Default Identity Provider (IDP) | Set this identity provider as the default. This applies if you have configured multiple identity providers. |
Debug Mode | Turn on debug mode if there are issues connecting to the identity provider. Debug mode will provide additional error messages useful for troubleshooting. |
Use Popup Login Window with Iframes | User login appears in a new window. This is a setting that you may need if you plan to integrate Profiler in an inline frame (iframe) of your CRM. In this case, if you set up the integration to use the auto-login option, turning on this setting ensures that users can use single sign-on. For more information, see Profiler integration. |