Integrate with Eloqua

Prerequisites

Before you install and configure an Eloqua orchestrated system, you should consider the following prerequisites and tasks.

Certified Components

The system can be any one of the following:

  • Eloqua

Supported Modes

Eloqua orchestrated system supports the following mode(s):
  • Managed System

Supported System Operations

The Eloqua orchestrated system supports the following operations:
  • Create user
  • Delete user
  • Reset Password
  • Assign Groups to a user
  • Remove Groups from a user
  • Assign Licences to a user
  • Remove Licences from a user

Obtain Client ID and Client Secret

Register your application within Eloqua to receive a unique Client ID and Client Secret.

  1. Log in to your Eloqua instance.
  2. Navigate to SettingsAppCloud Developer.
  3. Select Create New App.
  4. Fill in the required application details.
  5. In the OAuth section, enter your application URL in the OAuth Callback URL field.
  6. Click Save.
  7. Eloqua generates your Client ID and Client Secret. Save these credentials. You'll use them in configuration using OAuth.

For detailed steps, refer Authenticate using OAuth 2.0 .

Generate Authorization Code (Browser)

Initiate the OAuth process by directing users to Eloqua’s authorization endpoint in a web browser.

  1. Open a browser and use the following URL, replacing placeholders with your actual values:
    https://login.eloqua.com/auth/oauth2/authorize?response_type=code&client_id=<CLIENT_ID>&redirect_uri=<YOUR_CALLBACK_URL>&scope=full
  2. Authenticate and approve.
  3. After approval, you’ll be redirected to your callback URL:
    https://yourapp.com/callback?code=AUTH_CODE_VALUE
  4. Copy and save the AUTH_CODE_VALUE from the URL

Exchange Authorization Code for Tokens

Send the authorization code, along with your credentials, to Eloqua’s token endpoint using a REST client.

Use a REST client (such as Postman) to make a POST request:
  • Endpoint
    POST https://login.eloqua.com/auth/oauth2/token
  • Headers
    Authorization: Basic <BASE64(CLIENT_ID:CLIENT_SECRET)>
Content-Type: application/x-www-form-urlencoded
  • Body (form-data)
    grant_type=authorization_code
code=<AUTH_CODE_VALUE>
redirect_uri=<YOUR_CALLBACK_URL>

A successful request returns a JSON response containing both access token and refresh token. Copy and save the refresh token. You'll use them in configuration using OAuth

Configure

You can establish a connection between Eloqua and Oracle Access Governance by entering connection details. To achieve this, use the Orchestrated Systems functionality available in the Oracle Access Governance Console.

Navigate to the Orchestrated Systems Page

Navigate to the Orchestrated Systems page of the Oracle Access Governance Console, by following these steps:
  1. From the Oracle Access Governance navigation menu icon Navigation menu, select Service Administration → Orchestrated Systems.
  2. Click the Add an orchestrated system button to start the workflow.

Select system

On the Select system step of the workflow, you can specify which type of system you would like to onboard.

  1. Select Eloqua.
  2. Click Next.

Enter details

On the Add Details step of the workflow, enter the details for the orchestrated system:
  1. Enter a name for the system you want to connect to in the Name field.
  2. Enter a description for the system in the Description field.
  3. Determine if this orchestrated system is an authoritative source, and if Oracle Access Governance can manage permissions by setting the following checkboxes.
    • This is the authoritative source for my identities
    • I want to manage permissions for this system
    The default value in each case is Unselected.
  4. Click Next.

Add owners

You can associate resource ownership by adding primary and additional owners. This drives self-service as these owners can then manage (read, update or delete) the resources that they own. By default, the resource creator is designated as the resource owner. You can assign one primary owner and up to 20 additional owners for the resources.

Note:

When setting up the first Orchestrated System for your service instance, you can assign owners only after you enable the identities from the Manage Identities section.
To add owners:
  1. Select an Oracle Access Governance active user as the primary owner in the Who is the primary owner? field.
  2. Select one or more additional owners in the Who else owns it? list. You can add up to 20 additional owners for the resource.
You can view the Primary Owner in the list. All the owners can view and manage the resources that they own.

Account settings

On the Account settings step of the workflow, enter details of how you would like to manage accounts with Oracle Access Governance when configured as a managed system:
  1. Select to allow Oracle Access Governance to create new accounts when a permission is requested, if the account does not already exist. By default this option is selected meaning that an account will be created if it does not exist, when a permission is requested. If the option is unselected then permissions can only be provisioned where the account already exists in the orchestrated system. If permission is requested where no user exists then the provisioning operation will fail.
  2. Select where and who to send notification emails when an account is created. The default setting is User. You can select one, both, or none of these options. If you select no options then notifications will not be sent when an account is created.
    • User
    • User manager
  3. When an identity leaves your enterprise you should remove access to their accounts. You can select what to do with the account when this happens. Select one of the following options:
    • Delete: Deletes all accounts and permissions managed by Oracle Access Governance.
    • Disable: Disables all accounts and marks permissions as Inactive for all permissions managed by Oracle Access Governance.
      • Delete the permissions for disabled accounts: To ensure zero residual access, select this to delete directly assigned permissions and policy-granted permissions during account disablement.
    • No action: No action is taken when an identity leaves the organization by Oracle Access Governance.

    Note:

    The options above are only displayed if supported in the orchestrated system type being configured. For example, if Delete is not supported, then you will only see the Disable and No action options.
  4. When all permissions for an account are removed, for example when moving from one department to another, you may need to adjust what accounts the identity has access to. You can select what to do with the account when this happens. Select one of the following options:
    • Delete
    • Disable
    • No action

    Note:

    The options above are only displayed if supported in the orchestrated system type being configured. For example, if Delete is not supported, then you will only see the Disable and No action options.
  5. If you want Oracle Access Governance to manage accounts created directly in the orchestrated system you can select the Manage accounts that are not created by Access Governance option. This will reconcile accounts created in the managed system and will allow you to manage them from Oracle Access Governance.

Note:

If you do not configure your system as a managed system then this step in the workflow will display but is not enabled. In this case you proceed directly to the Integration settings step of the workflow.

Note:

If your orchestrated system requires dynamic schema discovery, as with the Generic REST and Database Application Tables (Oracle) integrations, then only the notification email destination can be set (User, Usermanager) when creating the orchestrated system. You cannot set the disable/delete rules for movers and leavers. To do this you need to create the orchestrated system, and then update the account settings as described in Configure Orchestrated System Account Settings.

Integration settings - Configure Eloqua using Basic Auth

On the Integration settings step of the workflow, enter the configuration details required to allow Oracle Access Governance to connect to the Eloqua application instance.

  1. In the username field, enter the user name of the system user that you created for performing operations.

    Username should be in the format <Company name>\<User name>.

  2. In the host field, enter the host name from the URL. For example secure.<pod>.eloqua.com.
  3. In the port field, enter the port number at which the Eloqua system is listening.
  4. Enter username to authenticate
  5. Enter the password of the user of the Eloqua system that you created for performing operations, into the password/confirm password fields.
  6. Click Add to create the orchestrated system.

Configure Eloqua using OAuth

On the Integration settings step of the workflow, enter the configuration details required to allow Oracle Access Governance to connect to the Eloqua using OAuth.

Select Do you want to use refresh token for authentication? check box and enter the details, as follows:

Field Description
Host Enter the host name from the URL. For example secure.<pod>.eloqua.com.
Redirect URL Callback URL after authentication. It must match with URL you entered during the application registration.
https://yourapp.example.com/callback
Authentication Server URL The URL of Eloqua’s OAuth2 server for requesting tokens.
https://login.eloqua.com/auth/oauth2/token
Client ID Client ID of your app displayed when registering the integration in Eloqua. See Obtain Client ID and Client Secret.
Client Secret Client secret of your app displayed when registering the integration in Eloqua. See Obtain Client ID and Client Secret.
Refresh Token A token used to refresh your access token automatically when it expires. For example, eyJraWQiOi...2IHpuqg. See Exchange Authorization Code for Tokens.
Request Timeout Maximum time to wait (in milliseconds) before aborting the request. 30000.

Click Add to create the orchestrated system.

Finish Up

The final step of the workflow is Finish Up, where you are given a choice whether to further configure your orchestrated system before running a data load, or accept the default configuration and initiate a data load. Select one from:
  • Customize before enabling the system for data loads
  • Activate and prepare the data load with the provided defaults

Post Configuration

There are no post configuration steps associated with an Eloqua system.