Authentication Between Clouds

Authentication tools connect your users automatically between Engagement, Sales Cloud, and Service Cloud to create a secure, seamless experience working with Marketing Cloud Connect. After Salesforce admins complete the initial setup and configuration, users log in once to Marketing Cloud Connect and are automatically authenticated in the future.

Authentication from Engagement into the Sales and Service Clouds

Connected App Authentication is a secure authentication mechanism used by Marketing Cloud Connect. It removes SOAP and REST API limits for Marketing Cloud Connect. Connected App Authentication doesn’t lift BULK API limits. API calls made into Engagement don’t count against your daily limit.

Connected App authentication is required for all Marketing Cloud Connect customers as of June 1, 2016. It’s available with all versions of Marketing Cloud Connect. New customers who complete all steps to connect clouds installed Connected App authentication. If you’re an existing customer with an older version of the managed package, complete all steps to upgrade to Connected App Authentication.

Authentication from the Sales and Service Cloud into Engagement

Tenant-specific OAuth Authentication uses the JWT bearer token flow and access tokens to provide a secure connection between the clouds, without storing Engagement user passwords within Sales and Service Clouds. This enhanced authentication is available with the 220 or newer managed package release.

To reduce downtime or impact to your business, follow these steps if you’re upgrading from an older version of the managed package.

• Allow all scheduled sends to complete before starting the upgrade, if possible.
• Ensure that you can log in to Engagement using the current API user credentials.
• To minimize downtime if an unexpected error occurs, schedule the upgrade during off-peak hours.
• Install the managed package.
• In Sales or Service Cloud in the Marketing Cloud Configuration Settings, enable tenant-specific OAuth Endpoints.
• Click Connect to Marketing Cloud.
• Enter the API user credentials.
• Click Log-in.

When the upgrade completes, verify that Marketing Cloud Connect API user credentials converted to the new authentication framework by navigating to the Marketing Cloud tab in Sales or Service Cloud. If the API user didn’t migrate, you’re prompted to enter the API user credentials. If you have an Enterprise 2.0 Engagement account, click Manage Business Units and confirm that previously active business units are active. Add business units if needed and save. Also, confirm the API user migration for non-Enterprise 2.0 accounts by completing a triggered send test.