You are here:
Enable Single Sign-On with Marketing Cloud Engagement and the Salesforce Platform
Unify the login experience for your users by implementing single sign-on (SSO) for Marketing Cloud Engagement and Salesforce Platform applications, such as Data 360, Sales Cloud, and Service Cloud. For example, if your organization uses Data 360 with Marketing Cloud Engagement, you can configure both platforms so that your users log in only one time to use both applications.
Required Editions
| Available in: All Editions |
Implementing SSO can increase the productivity of your users by enabling them to easily switch between Marketing Cloud Engagement and other Salesforce Platform applications without logging in to each application separately. Because your users only have a single password to remember, SSO can reduce IT calls related to lost or forgotten passwords. SSO also provides security benefits for your enterprise. When you use SSO, you can enforce access controls, password strength requirements, and password expiration policies from a single source. You can also disable account access quickly if a password is compromised.
Configure Your Identity Provider
Marketing Cloud Engagement and the Salesforce Platform are compatible with SSO products from several identity providers (IdPs), including Salesforce, Okta®, OneLogin™, and Microsoft® Entra ID (formerly Azure™ Active Directory).
-
Configure your IdP to connect to Salesforce. The steps for configuring your IdP vary
depending on which provider you use. Consult the documentation for your IdP.
TipYou can use Salesforce as an IdP. See Salesforce as a SAML Identity Provider.
- During the configuration process, your IdP displays an option to download a metadata file and an authentication certificate. Download these files to your computer.
Configure SSO in Salesforce
To configure SSO for the Salesforce Platform, load the metadata from your IdP into Salesforce. When you complete that process, create a user with SSO enabled. You can use this user account later to test your configuration.
- Enable SSO for your Salesforce account. See Salesforce as a Service Provider.
- In Salesforce Setup, in the Quick Find box, enter users, and then select Users.
- Click Create.
-
Under Single Sign-On Information, for Federation ID, enter the username that the user
logs in with.
The federation ID is usually the user’s email address.
- Complete the remaining fields, and save the new user account.
- Log out of Salesforce.
Configure SSO in Marketing Cloud Engagement
The Marketing Cloud Engagement platform is separate from the Salesforce Platform, so you must enable SSO for it separately and create an SSO user.
- Enable SSO for your Marketing Cloud Engagement account. See Enable SAML 2.0 Single Sign-On Authentication.
- Sign in to Marketing Cloud Engagement Setup as an admin.
- In Marketing Cloud Engagement Setup, in the Quick Find box, enter users, and then select Users.
- Click Create.
-
Select Enable SSO, and then enter the federation ID for the
user.
Important The federation ID that you enter must exactly match the federation ID that you provided in Salesforce Setup. - Complete the remaining fields, and save the new user account.
- Log out of Marketing Cloud Engagement.
Test the SSO Configuration
After you’ve configured both Salesforce and Marketing Cloud Engagement to use SSO, test the process by logging in to both applications.
- On the login page for your IdP, log in as the user that you configured to use SSO.
- Verify that the links to log in to Salesforce and Marketing Cloud Engagement work as expected.
After you confirm that SSO works as expected, you’re ready to deploy SSO to the rest of your organization. You can enable SSO for existing users or create users with SSO enabled. For each user, specify the same federation ID in both the Salesforce Platform and in Marketing Cloud Engagement.
