Identity Provider Configuration Settings with Marketing Cloud Intelligence SSO

Click a link to view more information about the provider:

• MS Active Directory 3.0
• MS Active Directory 2.0
• Azure

Use these configuration settings to connect to Marketing Cloud Intelligence:

• When configuring the Identifier ID and Reply URL, use the URL of the application that you use to log into Marketing Cloud Intelligence:
  • AWS US https://app.datorama.com
  • AWS EU https://app-eu.datorama.com
  • Azure US https://app-us2.datorama.com
  • Azure EU https://app-eu2.datorama.com
• When configuring the Sign-on URL field, enter the URL according to the Marketing Cloud Intelligence application that you use: (this is the Users Direct Login Page)
  • AWS US https://app.datorama.com/services/auth/sso/<account ID>
  • AWS EU https://app-eu.datorama.com/services/auth/sso/<account ID>
  • Azure US https://app-us2.datorama.com/services/auth/sso/<account ID>
  • Azure EU https://app-eu2.datorama.com/services/auth/sso/<account ID>

If you’re using SAML2, follow these guidelines:

• Marketing Cloud Intelligence uses SAML2 with the HTTP Redirect binding for SP to IdP and expects the HTTP Post binding for IdP to SP.
• You can find the Marketing Cloud Intelligence Customer URL (also called the Assertion Consumer Service URL / ACS) in your Intelligence account on the Single Sign-on setting page.
• The NameID must contain the user’s email address: Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
• Your identity provider might ask if you want to sign the SAML assertion, the SAML response, or both. Marketing Cloud Intelligence requires the SAML response to be signed. You can choose signed or unsigned for the SAML assertion.