Testing Salesforce SSO

After you've set up Salesforce and Oracle Eloqua for single sign-on, you are ready to test. In addition to the information below, Salesforce offers its own testing tools.

Before you begin:

  • In Oracle Eloqua, set up a single test user to test single sign-on. Since Oracle Eloqua does not synchronize users with your identity provider, you must create a user account in Oracle Eloqua.
  • The test user must meet the following criteria:
    • Must exist in Salesforce.
    • Must have access to the connected app created for Oracle Eloqua.
    • Must have an Oracle Eloqua user account set up. The user account must be configured with the same email address as their Salesforce user account.
  • We recommend turning on debug mode before you begin testing. This will provide additional error messages that will be useful for troubleshooting.

     To turn on debug mode:

    1. In Oracle Eloqua, open the identity provider.
    2. Click Edit and select the Debug Mode check box.
    3. After you finish testing, you should turn off this setting.

Allowing a test user access to the connected app

After configuring Oracle Eloqua as a connected app in Salesforce, you need to allow a user to access the Eloqua connected app. We recommend starting with a single user for testing.

Before you begin:

  • Configure Oracle Eloqua as a connected app. Learn more

To allow users access to the connected app:

  1. In Salesforce, from Setup, enter Connected Apps in the Quick Find box and select Connected Apps > Manage Connected Apps.
  2. Open the Eloqua connected app you created earlier.
  3. Scroll down to Permission Sets and click Manage Permission Sets.
  4. Select the permission sets to assign to the app from the Application Permission Set Assignment Page.
  5. On the Application Permission Set Assignment Page, click the permission set to open it.
  6. Ensure the user you want to use for testing is assigned to this permission set.

Example:

The following is an example of a permission set created for testing.

The following is an example of the permission set assigned to a single user for testing.

Testing Salesforce SSO

To test single sign-on:

  1. In a browser, navigate to https://login.eloqua.com, then click Sign in with single sign-on or another account.
  2. Enter your company name and click Sign In.

    This should redirect you to the Salesforce login page. If you are already logged in to Salesforce, you will be logged in directly to Oracle Eloqua. Otherwise, log in with your Salesforce user credentials.

  3. You know that single sign-on worked if you are directed to Oracle Eloqua. If not, refer to the troubleshooting information below.

After you finish:

If your testing was successful, consider the following next steps:

  • If you are setting up single logout, you should configure single logout before setting up the rest of your users.
  • In Salesforce, you can update the Oracle Eloqua connected app to grant access to users based on Profile.
    • In Salesforce, use the Quick Find box to search for Profiles. Open the profile you want to update. Scroll down to Connected App Access. Give access by clicking Edit Profile at the top of the page.
  • After successfully testing, you can also start importing users from Salesforce. Learn more.

 

Troubleshooting

If you cannot log in using your Salesforce single sign-on credentials, you can try the following solutions:

  • If you haven’t already, turn on debug mode in Eloqua for testing. Refer to the steps above to turn this on.

  • Note that identity provider settings in Eloqua must exactly match the information provided by Salesforce. These settings are case sensitive.

  • From the Eloqua login screen, if you receive the error "Your request either didn't include a SAML response or the SAML response was malformed", try the following:

    • In Salesforce, browse to the Identity Provider Event Log. Check the log for the login. An error in Salesforce like "Error: User does not have access to this service provider" indicates that the Salesforce user doesn’t have access to the connected app. More error details are provided in the link above.

    • If the status in the Salesforce event log is "Success" then the error is on the Eloqua side.

     
  • From the Eloqua login screen, if you receive the error "Your user is unknown", verify that the test user exists in Oracle Eloqua and that the account is set up with the user identity expected by the identity provider (for example, the same email address). The user identity in Oracle Eloqua must exactly match the user identity in the identity provider. How accounts are linked depends on how you set up the identity provider.
  • From the Eloqua login screen, if you receive the error "The signature of your request is invalid", the SAML response is signed with a different certificate than the one configured in Oracle Eloqua, or the certificate has expired. You must update the certificate in Oracle Eloqua. Learn more about checking for and updating expired certificates.
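
The exact-match and certificate checks described in the troubleshooting items above can be run offline against a SAML response captured during a test login. The following Python script is an added example, not Oracle or Salesforce code. It assumes the response embeds its signing certificate in a ds:X509Certificate element; the issuer, user and certificate values are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(cert_b64):
    """SHA-256 over the decoded bytes of a base64 certificate body."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def diagnose(response_b64, issuer, user, configured_cert_b64):
    """List mismatches with the configured settings (does not validate the signature)."""
    root = ET.fromstring(base64.b64decode(response_b64))
    text = lambda path: (root.findtext(path, "", NS) or "").strip()
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    problems = []
    if status is None or not status.get("Value", "").endswith(":Success"):
        problems.append("status is not Success")
    if text(".//saml:Issuer") != issuer:  # exact match, case sensitive
        problems.append("issuer mismatch: %r" % text(".//saml:Issuer"))
    if text(".//saml:Subject/saml:NameID") != user:  # exact match, case sensitive
        problems.append("user identity mismatch: %r" % text(".//saml:Subject/saml:NameID"))
    cert = text(".//ds:X509Certificate")
    if not cert:
        problems.append("no embedded certificate to compare")
    elif fingerprint(cert) != fingerprint(configured_cert_b64):
        problems.append("signing certificate differs from configured certificate")
    return problems

# Constructed sample data: placeholder bytes standing in for real certificates.
CERT_OLD = base64.b64encode(b"constructed certificate A").decode()
CERT_NEW = base64.b64encode(b"constructed certificate B").decode()

def sample_response(issuer, name_id, cert_b64):
    xml = ('<samlp:Response xmlns:samlp="{samlp}" xmlns:saml="{saml}" xmlns:ds="{ds}">'
           '<saml:Issuer>{i}</saml:Issuer><samlp:Status>'
           '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
           '<saml:Assertion><ds:Signature><ds:KeyInfo><ds:X509Data>'
           '<ds:X509Certificate>{c}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
           '<saml:Subject><saml:NameID>{n}</saml:NameID></saml:Subject></saml:Assertion>'
           '</samlp:Response>').format(i=issuer, n=name_id, c=cert_b64, **NS)
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    captured = sample_response("https://idp.example.test", "Test.User@example.test", CERT_NEW)
    print(diagnose(captured, "https://idp.example.test", "test.user@example.test", CERT_OLD))
```

In the sample run, the user identity differs only by letter case and the response carries a newer certificate than the configured one, so both mismatches are reported.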

Learn more

Configuring the Salesforce identity provider in Oracle Eloqua

Creating user imports