ICF 1.5.20.25

Adobe Marketing Cloud connector

The Adobe Marketing Cloud connector lets you manage profiles in an Adobe Campaign data store. The connector supports a subset of the OpenICF operations, as listed in OpenICF Interfaces Implemented by the Adobe Marketing Cloud Connector.

To use this connector, you need an Adobe ID.

Before you start

Configure a new integration on AdobeIO, as shown in the following steps. Note that these steps assume a specific version of the AdobeIO user interface. For information on the current version, refer to the corresponding Adobe documentation.

The integration requires a public certificate and private key that will be used to sign the JWT token.

  1. You can use IDM’s generated self-signed certificate and private key to test the connector. In a production environment, use a CA-signed certificate and key.

    Export IDM’s self-signed certificate as follows:

    1. Export the certificate and key from JCEKS to standardized format PKCS #12:

      keytool \
      -importkeystore \
      -srckeystore /path/to/openidm/security/keystore.jceks \
      -srcstoretype jceks \
      -destkeystore /path/to/keystore.p12 \
      -deststoretype PKCS12 \
      -srcalias openidm-localhost \
      -deststorepass changeit \
      -destkeypass changeit
    2. Export the certificate:

      openssl pkcs12 \
      -in /path/to/keystore.p12 \
      -nokeys \
      -out /path/to/cert.pem
    3. Export the unencrypted private key:

      openssl pkcs12 \
      -in /path/to/keystore.p12 \
      -nodes \
      -nocerts \
      -out /path/to/key.pem
  2. Log in to https://console.adobe.io/.

  3. Click Integrations > New Integration.

  4. Click Access an API > Continue.

  5. Under the Experience Cloud item, click Adobe Campaign > Continue, then click New integration > Continue.

  6. Enter a name and short description for the new integration. For example, IDM-managed.

  7. Drag and drop your public certificate file into the Public keys certificates area. Alternatively, click Select a File, and browse to the file location.

  8. Select a license, then click Create Integration.

  9. Select Continue to integration details to obtain the Client Credentials required by the connector.

    You will need these details for the connector configuration.

Install the Adobe Marketing Cloud connector

If you are looking for the Advanced Identity Cloud application for this connector, refer to:

You can download any connector from Backstage, but some are included in the default deployment for Advanced Identity Cloud, IDM, or RCS. When using an included connector, you can skip installing it and move directly to configuration.

Connector included in default deployment
Connector IDM RCS

Yes

No

Download the connector .jar file from Backstage.

  • If you are running the connector locally, place it in the /path/to/openidm/connectors directory, for example:

    mv ~/Downloads/adobecm-connector-1.5.20.23.jar /path/to/openidm/connectors/
  • If you are using a remote connector server (RCS), place it in the /path/to/openicf/connectors directory on the RCS.

Configure the Adobe Marketing Cloud connector

Create a connector configuration using the IDM admin UI:

  1. From the navigation bar, click Configure > Connectors.

  2. On the Connectors page, click New Connector.

  3. On the New Connector page, type a Connector Name.

  4. From the Connector Type drop-down list, select Adobe Marketing Cloud Connector - 1.5.20.23.

  5. Complete the Base Connector Details.

    For a list of all configuration properties, refer to Adobe Marketing Cloud Connector Configuration
  6. Click Save.

When your connector is configured correctly, the connector displays as Active in the admin UI.

Refer to this procedure to create a connector configuration over REST.

Alternatively, you can create a connector configuration file and place it in your project’s conf/ directory. IDM bundles a sample configuration file (/path/to/openidm/samples/example-configurations/provisioners/provisioner.openicf-adobe.json) that you can use as a starting point.

The following example shows an excerpt of the provisioner configuration. Enable the connector (set "enabled" : true) then edit at least the configurationProperties to match your Adobe IO setup:

"configurationProperties" : {
    "endpoint" : "mc.adobe.io",
    "imsHost" : "ims-na1.adobelogin.com",
    "tenant" : "https://example.adobesandbox.com/",
    "apiKey" : "",
    "techAccId" : "example@techacct.adobe.com",
    "orgId" : "example@AdobeOrg",
    "clientSecret" : "CLIENT_SECRET",
    "privateKey" : "PRIVATE_KEY"
},
...
endpoint

The Adobe IO endpoint for Marketing Cloud. mc.adobe.io by default - you should not have to change this value.

imsHost

The Adobe Identity Management System (IMS) host. ims-na1.adobelogin.com by default - you should not have to change this value.

tenant

Your tenant (organization) name or sandbox host.

apiKey

The API key (client ID) assigned to your API client account.

techAccId

Your Technical account ID, required to generate the JWT.

orgId

Your organization’s unique ID, for example 12345@AdobeOrg.

clientSecret

The client secret assigned to your API client account.

privateKey

The private key used to sign the JWT token, corresponds to the public key certificate that you attached to the integration.

For a list of all the configurable properties, refer to Adobe Marketing Cloud Connector Configuration.

Test the Adobe Marketing Cloud connector

When your connector is configured correctly, you can test its status by running the following command:

curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system/adobe?_action=test"
[
  {
    "name": "adobe",
    "enabled": true,
    "config": "config/provisioner.openicf/adobe",
    "connectorRef": {
      "bundleName": "org.forgerock.openicf.connectors.adobecm-connector",
      "connectorName": "org.forgerock.openicf.acm.ACMConnector",
      "bundleVersion": "[1.5.0.0,1.6.0.0)"
    },
    "displayName": "Adobe Marketing Cloud Connector",
    "objectTypes": [
      "__ALL__",
      "account"
    ],
    "ok": true
  }
]

A status of "ok": true indicates that the connector can reach the configured Adobe integration.

Adobe Marketing Cloud remote connector

If you want to run this connector outside of PingOne Advanced Identity Cloud or IDM, you can configure the Adobe Marketing Cloud connector as a remote connector. Java Connectors installed remotely on a Java Connector Server function identically to those bundled locally within PingOne Advanced Identity Cloud or installed locally on IDM.

You can download the Adobe Marketing Cloud connector from here.

Refer to Remote connectors for configuring the Adobe Marketing Cloud remote connector.

OpenICF Interfaces Implemented by the Adobe Marketing Cloud Connector

The Adobe Marketing Cloud Connector implements the following OpenICF interfaces. For additional details, see ICF interfaces:

Create

Creates an object and its uid.

Delete

Deletes an object, referenced by its uid.

Schema

Describes the object types, operations, and options that the connector supports.

Script on Connector

Enables an application to run a script in the context of the connector.

Any script that runs on the connector has the following characteristics:

  • The script runs in the same execution environment as the connector and has access to all the classes to which the connector has access.

  • The script has access to a connector variable that is equivalent to an initialized instance of the connector. At a minimum, the script can access the connector configuration.

  • The script has access to any script arguments passed in by the application.

Search

Searches the target resource for all objects that match the specified object class and filter.

Test

Tests the connector configuration.

Testing a configuration checks all elements of the environment that are referred to by the configuration are available. For example, the connector might make a physical connection to a host that is specified in the configuration to verify that it exists and that the credentials that are specified in the configuration are valid.

This operation might need to connect to a resource, and, as such, might take some time. Do not invoke this operation too often, such as before every provisioning operation. The test operation is not intended to check that the connector is alive (that is, that its physical connection to the resource has not timed out).

You can invoke the test operation before a connector configuration has been validated.

Update

Updates (modifies or replaces) objects on a target resource.

Adobe Marketing Cloud Connector Configuration

The Adobe Marketing Cloud Connector has the following configurable properties:

Basic Configuration Properties

Property Type Default Encrypted(1) Required(2)

endpoint

String

mc.adobe.io

Yes

The Adobe IO endpoint for Marketing Cloud. mc.adobe.io by default - you should not have to change this.

imsHost

String

ims-na1.adobelogin.com

Yes

Adobe Identity Management System (IMS) host. ims-na1.adobelogin.com by default - you should not have to change this.

tenant

String

null

Yes

Your tenant (organization) name or sandbox host.

(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.

(2) A list of operations in this column indicates that the property is required for those operations.

Adobe Integration Properties

Property Type Default Encrypted(1) Required(2)

apiKey

GuardedString

null

Yes

Yes

The API key (client ID) assigned to your API client account.

technicalAccountID

String

null

Yes

Your Technical account ID, required to generate the JWT.

organizationID

String

null

Yes

Your organizations unique ID, for example 12345@AdobeOrg.

clientSecret

GuardedString

null

Yes

Yes

The client secret assigned to your API client account.

privateKey

GuardedString

null

Yes

Yes

The private key used to sign the JWT token, corresponds to the public key certificate attached to the integration.

accessToken

GuardedString

null

Yes

No

The OAuth Access Token for the application.

(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.

(2) A list of operations in this column indicates that the property is required for those operations.