Setup Unica Platform SSO in CDP

This page explains how to enable Single Sign-On (SSO) between HCL Unica Platform and CDP using the CDP-OP (On-Premise) component, allowing seamless authenticated access to CDP from within the Unica UI.

As part of integrating HCL CDP with the Unica Platform, creating a platform tenant is a required initial step. This process establishes the environment in which users, roles, and configurations are managed, and enables seamless authentication and data access between Unica+ and CDP. By setting up a platform tenant, you map a CDP instance to a corresponding Unica+ instance, ensuring a consistent and secure single sign-on (SSO) experience and enabling cross-platform functionality.

Pre-requisites

Make sure the following are in place before you start:

  1. CDP-OP (Customer Data Platform – On-Premise) service deployed (either on-premise or cloud-native).
  2. CDP tenant provisioned and mapped 1:1 to a Unica Platform partition.
  3. A PlatformAdmin user must exist in CDP.
  4. Required SQL updates applied to CDP's database.

CDP-OP Component

CDP-OP is a lightweight microservice component that handles session token creation, user provisioning, and role mapping between Unica and CDP.

Integration Workflow:

  1. User logs into the Unica Platform UI, and selects the CDP menu item.
  2. Unica Platform sends a request to CDP-OP to get a session token.
  3. CDP-OP:
    • Authenticates user.
    • Provisions user in CDP with appropriate roles/permissions, if not present.
    • Generates session token.
  4. Token is returned to Unica, and CDP UI launches in a new window with authenticated access.

Note: All interactions from Unica to CDP are routed via CDP-OP to ensure consistent identity handling, session life-cycle handling, and multi-tenancy support.

Deployment Notes

  • CDP-OP is deployed:
    • With Unica Suite (same pod/container group in Docker).
    • Or as a separate service (on-premise).
  • Raise a support case to obtain Helm charts or packages for CDP-OP deployment.

Register CDP Application in Unica Platform

Register the CDP application under Unica Marketing Platform so that the CDP configuration, menu, and user roles and permissions are registered.

For On-Premise Deployment:

  1. Run these commands using Unica utilities:
    # Add CDP Configuration
    configTool.bat -vp -p "Affinium" -f cdp_configuration.xml
    
    # Add CDP Menu Entry
    configTool.bat -vp -p "Affinium|suite|uiNavigation|mainMenu" -f cdp_menu.xml
    
    # Create CDPUser Role
    populateDb.bat -n CDP
  2. Assign CDPUser role to users requiring CDP access.

For Docker/Cloud Native Deployments:

Configuration is applied automatically on container startup — no manual steps required.

CDP Tenant Configuration

Configure the CDP tenant to enable integration between Unica Platform and CDP and to establish a 1:1 mapping between each CDP tenant and the corresponding Unica Platform partition.

The HCLNow team performs this configuration: it creates the required CDP user, generates the credentials, and provides the necessary details to the Unica team for integration.

To set up Unica Platform SSO access for a user, follow the steps below:

  1. Log in to the Admin portal using the Admin credentials, and create a user profile. For more information on creating a user profile, refer to Create User Profile.
  2. Log in to CDP, and change the password on first login.
  3. Generate the SHA-256 hash of the password using an online hash generator, e.g. https://tools.keycdn.com/sha256-online-generator, and use the hash value in the Platform configuration under Password.
  4. Run the following SQL statements to enable the user profile with the PlatformAdmin role.
    1. Modify the KIND column in the OAuthToken table to include 'platform_token' in the ENUM.
      ALTER TABLE OAuthToken
      MODIFY KIND ENUM('access_token', 'refresh_token', 'platform_token') 
      DEFAULT 'access_token' NOT NULL;
    2. Insert a new ACLRole for PlatformAdmin.
      INSERT INTO ACLRole (Id, Name, Description, CreatedOn, CreatedBy, UpdatedOn, UpdatedBy, IsActive) VALUES (4, 'PlatformAdmin', NULL, NULL, NULL, NULL, NULL, 1);
    3. Update the OAuthUser to assign the new PlatformAdmin role based on email.
      UPDATE OAuthUser
      SET ACLRoleId = 4
      WHERE Email = 'username';
    4. Extend the user's password expiry by 10 years.
      UPDATE OAuthUser
      SET PasswordExpires = NOW() + INTERVAL 10 YEAR
      WHERE Email = 'username';
      Note: Make sure 'username' is replaced with the actual email of the user.
  5. After setting up the user profile with the PlatformAdmin role, configure the CDP parameters such as cdpUrl, tenantId, Password, clientId and so on in Unica Platform so that CDP can be accessed from Unica Platform. For more information, refer to the Unica Platform Administrator's Guide.

Configuring CDP in Unica Platform Configuration

Configure CDP in the Unica Platform to enable seamless integration between the two systems. This configuration is mandatory in both on-premise and Docker-based deployments to ensure users can access CDP without manual intervention or a separate login. The HCLNow team provides the details for the CDP configuration.

Update the following configurations in the Unica Platform:
Affinium|UnicaCDP
└── serverURL = http://<cdp-op-host>:8086/cdpop

Affinium|UnicaCDP|partitions|partition1|CDP
├── cdpUrl = http://<cdp-base-url>:8001
├── coreApiUrl = http://<cdp-core-api>:3000
├── tenantId = <cdp-tenant-id>
├── User = <cdp-username>
├── Password = <SHA-256 hashed password>
└── clientId = 3eb0a22318cb73a9341b756f3a521af7115e461a

Note: Ensure the path matches the appropriate partition (e.g., partition1, partition2, etc.).

  • serverURL – CDP-OP service URL, e.g. http://localhost:8086/cdpop.
  • cdpUrl – CDP base URL, e.g. http://localhost:8001.
  • coreApiUrl – Core API service URL, e.g. http://localhost:3000.
  • tenantId – CDP Tenant ID, e.g. 3533.
  • User – CDP Username, e.g. cdpuser01.
  • Password – SHA-256 hashed password. Generate the hashed password using an online tool.
  • clientId – Static client ID for authentication, e.g. 3eb0a22318cb73a9341b756f3a521af7115e461a.
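
The Password digest from step 3 of the tenant setup can also be produced on the local host, and the values listed above can be sanity-checked before they are entered. The following is an added example, not HCL code: it assumes the digest is the hex SHA-256 of the UTF-8 password with no trailing newline, and the function names, the settings dict and the SAMPLE values are hypothetical.

```python
import getpass
import hashlib
import re
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
URL_KEYS = ("serverURL", "cdpUrl", "coreApiUrl")

# Constructed sample values (host names and password are made up for this example).
SAMPLE = {
    "serverURL": "http://localhost:8086/cdpop",
    "cdpUrl": "http://cdp.example.internal:8001",
    "coreApiUrl": "http://<cdp-core-api>:3000",
    "tenantId": "3533",
    "User": "cdpuser01",
    "Password": "Sample-Passw0rd",  # clear text entered instead of the digest
}


def sha256_hex(password: str) -> str:
    """Hex SHA-256 of the exact password characters (UTF-8, no trailing newline)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_settings(settings: dict) -> list:
    """Return findings for a dict holding the Affinium|UnicaCDP values."""
    findings = []
    for key in URL_KEYS:
        value = settings.get(key, "")
        if "<" in value:
            findings.append(f"{key}: placeholder not replaced")
            continue
        url = urlparse(value)
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append(f"{key}: not a valid http(s) URL")
        elif url.scheme == "http" and url.hostname not in LOOPBACK:
            findings.append(f"{key}: plain http to a non-loopback host")
    if not re.fullmatch(r"[0-9a-fA-F]{64}", settings.get("Password", "")):
        findings.append("Password: not a 64-character hex SHA-256 digest")
    return findings


if __name__ == "__main__":
    # Read the password without echo; it is hashed on this host only.
    print("Password =", sha256_hex(getpass.getpass("CDP password: ")))
    for finding in check_settings(SAMPLE):
        print("finding:", finding)
```

The plain-http finding matters most for serverURL, because that is the endpoint Unica Platform calls to obtain the session token.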