Loading

Cannot log in via SSO to the Marketing Cloud when Salesforce.com is identity provider

게시 일자: Feb 15, 2025
상세 설명
Within Salesforce, you have the ability to use Salesforce as an identity provider for single sign-on access to Marketing Cloud.  Once this is setup, you may run into issues with expiring Certificates preventing you from being able to login to the Marketing Cloud for users who are setup to use SSO.  You can use the below to help resolve any potential issues you might have.
솔루션

You can find all of your certificates in Salesforce by following the below steps.  You will want to review your certs and ensure that you are not using an expired certificate.  If you are, you will want to create or import a new certificate to use moving forward.
1. Logged into Salesforce, click on Setup at the top right of your screen
2. In the Quick Find/Search box, search for "Certificate and Key Management" (under security controls)
3. Clicking into this will show you all current certificates that you have created in Salesforce
 

Once you have a certificate to use that is current, please review and update each area that is using your old certificate. 

1. Under Setup, use the Quick Find/Search again and search for "Identity Provider"
2. You should see a section called "Currently chosen certificate details" that will provide details on what certificate is being used for single sign-on.  If this is not the newest certificate, click Edit.
3. From the drop down, you can choose the certificate that Salesforce.com uses when communicating with service providers.  Select the newly created cert and click Save.
4. Once saved, you will want to download the new metadata as you will need to paste this data into the Marketing Cloud.  (we will use this later)
5. Under Setup, use the Quick Find/Search again and search for "Connected Apps" and find your App that was created for SSO
6. Your IdP Certificate would need to be updated as well - this should be your newly created cert or could possibly be "default IdP certificate" 
7. Click Save
 

Once you have updated the certificates in Salesforce and downloaded the updated metadata, you will want to update the metadata in the Marketing Cloud to reflect these changes.  Use your administrative user that you setup previously to access your Marketing Cloud Account without SSO.  This is mentioned as a TIP on the link about Single Sign-On Authentication.

1. Access the Marketing Cloud Administration tab and navigate to Key Management
2. Find the SSO Metadata Key type for your Single Sign-On setup
3. Click your key and paste/update your metadata to the new values
4. Click Save

You should now be able to access the Marketing Cloud again using Salesforce as your identity provider.  
Knowledge 기사 번호

000384336

 
로드 중
Salesforce Help | Article