Identity provider settings

The following table describes the identity provider settings for enabling single sign-on in Oracle Eloqua. If supported by your identity provider, you can download the SAML metadata that contains some of these settings, including the identity provider’s signing certificate. Learn more about creating an identity provider.

Note: All settings are case sensitive. If you do not configure a setting exactly as it is prescribed by your identity provider, single sign-on will not function.

Field Description

Name

A descriptive name of the identity provider.

Login URL

The URL where Oracle Eloqua sends a SAML request to start the user login.

This is configured for you if you use the SAML metadata from your identity provider.

Logout URL

The destination URL to direct a single logout request when using SAML single logouts.

Use this only if your identity provider supports SAML single logout.

Your identity provider's SAML metadata might include the logout URL. If not, you must gather this from the identity provider.

Protocol Binding

The binding mechanism your identity provider requests for SAML messages. SAML bindings define how the SAML protocols map to the type of transport used. This can be either:

  • HttpPost: Login requests are passed through an HTTP POST to the identity provider.
  • HttpRedirect: Login requests are passed through an HTTP redirect to the identity provider.

We recommend using HTTP POST binding. This is configured for you if you use the SAML metadata from your identity provider.

Identity Provider Entity

The entity ID of the identity provider.

This is configured for you if you use the SAML metadata from your identity provider.

Identity Provider Certificate

The authentication certificate issued by the identity provider.

This is configured for you if you use the SAML metadata from your identity provider. Otherwise, you must upload this certificate.

Signature Algorithm

The signature encryption method used by the identity provider.

The default is SHA-1, but you can change this if required by your identity provider.

Service Provider Certificate

The authentication certificate issued by Oracle Eloqua.

Oracle Eloqua generates this certificate when you save the service provider or upload the SAML metadata. The encryption method used for the certificate depends on the signature algorithm specified.

Service Provider Entity

A unique ID identifying the Oracle Eloqua service provider. This is generated by Oracle Eloqua and each identity provider configuration has a unique service provider entity ID in the form https://login.eloqua.com/auth/saml2/idp2/{site_ID}/{unique_ID} where {site_ID} identifies your organization, and {unique_ID} is a unique ID generated by Oracle Eloqua.

Service Provider Logout URL

A unique SSO logout URL. This is generated by Oracle Eloqua and you will use it if you set up single logout.

The last part of the URL is a unique ID for this identity provider.

ACS URL

The assertion consumer service (ACS) URL. This is the Oracle Eloqua endpoint to which the identity provider redirects with its authentication response.

The URL is either:

  • https://secure.p{PodNumber}.eloqua.com/login/auth/saml2/acs - If the identity provider was created after November 21, 2023.

  • https://login.eloqua.com/auth/saml2/acs - If the identity provider was created before November 21, 2023.

User Identity Location

The location in the SAML assertion identifying the user. This can be either:

  • Subject's name identifier: The user identifier is in the subject statement of the SAML assertion. This is the saml:NameID element of the SAML assertion.
  • Attribute value: The user identifier is in the attribute element of the SAML assertion. If you use this option, you must provide the attribute name that contains the User ID. The attribute name is case sensitive.

Typically, the identity location is in the subject.

User Identity Mapping

The element in a SAML assertion that identifies a user. This is what links the user between Oracle Eloqua and your identity provider. We recommend linking using email address or federation ID.

Whichever you choose, you must make sure that the Oracle Eloqua user account is set up with the ID used by your identity provider. For example, if you select email address, set up the Oracle Eloqua user account with the email address used by the identity provider. For more on setting up user accounts, see Setting up SSO users.

The following options are available:

  • Email address from the user object: SAML assertions identify users with their email address. In this case, the Oracle Eloqua user account must be set up with the expected email address.
  • Federation Id from the user object: SAML assertions identify users with a unique ID used across applications in your organization. In this case, the Oracle Eloqua user account must be set up with the expected federation ID.
  • User's Id: SAML assertions identify users by the unique ID associated with an Oracle Eloqua user account. In this case, you must create the Oracle Eloqua user accounts and then use the Oracle Eloqua REST API to get the associated user ID to link users in your identity provider.
  • Username from the user object: SAML assertions identify users by a user name. In this case, the Oracle Eloqua account must have the expected user name.

Default Identity Provider (IDP)

Set this identity provider as the default. This applies if you have configured multiple identity providers.

Debug Mode

Turn on debug mode if there are issues connecting to the identity provider. Debug mode will provide additional error messages useful for troubleshooting.

Use Popup Login Window with Iframes

User login appears in a new window.

This is a setting that you may need if you plan to integrate Profiler in an inline frame (iframe) of your CRM. In this case, if you set up the integration to use the auto-login option, turning on this setting ensures that users can use single sign-on. For more information, see Profiler integration.
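Several fields in the table are filled in from the identity provider's SAML metadata. The following added example (not Oracle's code) reads a metadata document and reports those fields, plus a SHA-256 fingerprint of the signing certificate to compare with the value your identity provider publishes. The host idp.example.com, the placeholder certificate bytes, and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
_B = "urn:oasis:names:tc:SAML:2.0:bindings:"
# SAML binding URIs mapped to the Protocol Binding values named on this page.
BINDINGS = {_B + "HTTP-POST": "HttpPost", _B + "HTTP-Redirect": "HttpRedirect"}

# Constructed sample: idp.example.com and the certificate bytes are placeholders, not a real IdP.
CERT_B64 = base64.b64encode(b"constructed-placeholder-cert").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="{_B}HTTP-Redirect" Location="https://idp.example.com/slo"/>
  <md:SingleSignOnService Binding="{_B}HTTP-Redirect" Location="https://idp.example.com/sso/redirect"/>
  <md:SingleSignOnService Binding="{_B}HTTP-POST" Location="https://idp.example.com/sso/post"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def fingerprint(der):
    """SHA-256 hex digest of certificate bytes."""
    return hashlib.sha256(der).hexdigest()


def idp_settings(metadata_xml, preferred="HttpPost"):
    """Return the fields from this page that SAML metadata can supply."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = {BINDINGS[e.get("Binding")]: e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS) if e.get("Binding") in BINDINGS}
    if not sso:
        raise ValueError("no SingleSignOnService with an HTTP POST or redirect binding")
    binding = preferred if preferred in sso else next(iter(sso))
    slo = idp.find("md:SingleLogoutService", NS)  # present only if the IdP supports single logout
    certs = [c.text for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")
             for c in k.iterfind(".//ds:X509Certificate", NS)]
    return {
        "Identity Provider Entity": root.get("entityID"),
        "Protocol Binding": binding,
        "Login URL": sso[binding],
        "Logout URL": slo.get("Location") if slo is not None else None,
        "Certificate SHA-256": fingerprint(base64.b64decode(certs[0])) if certs else None,
    }
```

Because all settings are case sensitive, compare the returned values character for character with what appears in the Oracle Eloqua identity provider configuration.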

Learn more

Creating an identity provider in Oracle Eloqua

SSO with a SAML compliant identity provider