Enabling single sign-on between Management Center and IBM Marketing Center

You can make the integration between Management Center and IBM Marketing Center seamless for business users by configuring single sign-on. When single sign-on is in place, business users do not need to log on to IBM Marketing Center separately when they launch the IBM Marketing Center dashboard from Management Center.

Since the integration between Management Center an IBM Marketing Center is built on the logic for integrating WebSphere Commerce with IBM Digital Analytics, the same single sign-on configuration can be used for both integrations. If your site has an integration with IBM Digital Analytics enabled with single sign-on, you do not need to complete the following steps.

Before you begin

Complete the following tasks.
  • Configuring Management Center to work with IBM Marketing Center
  • Identify all of the WebSphere Commerce users that you want to map to an IBM Marketing Center user name. Make a note of the user names that are different between the applications. You do not need to map user names that are the same between the applications. The user names are stored in the LOGONID column of the USERREG database table.

About this task

To enable single sign-on, you must create and share a secret key that can be used to create a token for single sign-on authentication. You must provide this secret key to your IBM Marketing Center Support representative so that the same key is configured in the IBM Marketing Center system.

After you create the key, you can map the WebSphere Commerce user names to the IBM Marketing Center user names. For example, if your Management Center users each have an individual user name but share a common IBM Marketing Center user name such as admin, map the user names. You can map multiple Management Center user names to a single IBM Marketing Center user name. If you do not map the names the Management Center user name is treated as the IBM Marketing Center user name. If this name does not exist within the IBM Marketing Center system, authentication fails. The user must then log on to IBM Marketing Center separately.

Procedure

Configure the secret key for single sign-on in your WebSphere Commerce environment.
  1. Go to the following directory:
    • WC_installdir/components/samples/Coremetrics/xml
    • WebSphere Commerce DeveloperWCDE_installdir/components/samples/Coremetrics/xml
  2. Open the biConfig.xml file for editing.
  3. Locate the <ssoKey></ssoKey> element within the file.
  4. Check whether there a secret key is defined within the element. This definition might resemble the following example: 
    <ssoKey>2390eabf0795mprs</ssoKey>
    • If a key is defined, go to step 8.
    • If no key is defined, define a secret key. You can use any string that you want, however, ensure that you define a strong key. For example, use a 16-character string that meets the following conditions:
      • Contains at least one letter and one number.
      • Does not contain the same character more than four times in a row.

      Example: 2390eabf0795mprs

  5. Save and close the file.
  6. Restart the WebSphere Commerce server.
  7. Deploy the file to the WebSphere Commerce enterprise archive (EAR).
    Deploy the updated biConfig.xml file into the WC_eardir/xml/config/bi directory in your staging or production environment.
  8. Configure the secret key for single sign-on in IBM Marketing Center.
    1. Log in to IBM Marketing Center.
    2. Go to Admin > Global User Authentication.
    3. Enter the value for your secret key within the IBM Enterprise Marketing Management Shared Secret field.
    4. Click Save.
    If the IBM Marketing Center system does not have the identical secret key that is configured for Management Center, then single sign-on does not work.

    Tip: It is a good practice to change your secret key periodically. Changing the entry in the <ssoKey> element in this file and then provideIBM Marketing Center the updated secret key.

  9. Map the Management Center user names to IBM Marketing Center user names.
    Note: If you enabled automatic user account creation within IBM Marketing Center, you do not need to complete this step. By enabling this setting, a new user account creates when a Management Center user launches IBM Marketing Center from Management Center. If your Management Center users do not have existing IBM Marketing Center user names, consider using this option. For more information, see the product documentation that is provided with IBM Marketing Center.
    1. Connect to your WebSphere Commerce database.
    2. For each WebSphere Commerce user name, issue the following SQL statement.
      This statement stores the mapping of the WebSphere Commerce user name to an IBM Marketing Center user name in the MBRATTRVAL table:
      INSERT into MBRATTRVAL (MBRATTRVAL_ID, MEMBER_ID, ATTRTYPE_ID, MBRATTR_ID, STRINGVALUE) values (
((SELECT MAX(MBRATTRVAL_ID) from MBRATTRVAL) + 1),
(SELECT USERS_ID from USERREG where LOGONID = 'wcsUsername'),
'STRING',
(SELECT MBRATTR_ID from MBRATTR where NAME = 'CMCAnalyticsUsername'), 'EMM_UserName')

      Where:

      wcsUsername
      The WebSphere Commerce user name. This name is the name that the business user uses to log on to Management Center. These user names are stored in the LOGONID column of the USERREG table. You can specify only one user name at a time.
      EMM_UserName
      The IBM Marketing Center user name. This name is also the name that the business user uses to log on to other IBM Enterprise Marketing Management modules, such as IBM Digital Analytics.
    3. Repeat the previous step to map each WebSphere Commerce user name to an IBM Marketing Center user name.

Results

The next time these business users log on to Management Center and then launch IBM Marketing Center, they will not have to authenticate separately with IBM Marketing Center.