OAuth for APIs, SSH for SFTP and GPG payload encryption
Last updated
Last updated
Before leaving Snowflake, the data is GPG-encrypted with a public key stored in Snowflake. The private key is stored in Marketing Cloud, so that even if intercepted, the data cannot be read.
An SSH key is used to log in to the SFTP server to upload the data as a single file.
Once the file is uploaded to SFTP, OAuth 2.0 credentials are used to connect to the Marketing Cloud API and create an Automation task. This task first transfers the file into the Safehouse for decryption, then creates an import task to load it into a data extension.
If any import errors are reported, the error messages are collected from a report file via SFTP
We are aware that Marketing Cloud now supports S3 and Azure Blob storage instead of SFTP. However, only permanent user credentials (e.g. Access Key and Access Secret) are supported, and best practise is to use temporary (STS-generated) credentials or an IAM role grant. We will continue to monitor support for these contemporary methods.
Please contact us if you have a specific mechanism you'd like to see supported.
Enter the Marketing Cloud Setup area:
2. Navigate to the "Installed Packages" section under "Apps", click "New", enter "Omnata" as the app name, and click "Save":
3. Click the "Add Component" button, and choose "API Integration":
4. Choose "Server-to-Server":
5. Enable the following scopes:
AUTOMATION
Automations: Read, Write, Execute (for outbound syncing of data extensions)
CONTACTS
Audiences: Read, Write (for inbound and outbound syncing of audiences respectively)
List and Subscribers: Read, Write (for inbound and outbound syncing of lists/subscribers respectively)
JOURNEYS: Read (for inbound syncing of journey events)
DATA
Data Extensions: Read, Write (for inbound and outbound syncing of data extensions respectively)
File Locations: Read, Write (for outbound syncing of data extensions)
6. Note the Client ID, Client Secret, and Authentication Base URI for the Omnata App Connection:
Navigate to the "FTP Accounts" section under "Data Management"
Note the FTP URL shown here
Click "Add FTP User"
4. Note the FTP Username shown here.
5. Configure an email address for the user, and give it any strong password (we won't actually use the password). Set the User Permissions to "Full" and click Next
6. Click Save:
7. Back in Salesforce Marketing Cloud Setup, click on "Key Management" under "Data Management", then click "Create":
8. Select "SSH" as the Key Type, "Omnata" as the Name, and "omnata-public-key" as the External Key.
9. Copy the public key file provided during Omnata App Connection setup and save it locally as a text file (.txt).
Upload the saved key to Marketing Cloud by clicking "Browse". Tick "Public Key" and press "Save":
Navigate back to the "FTP Accounts" section under "Data Management". For the FTP user you created previously, select "SSH Keys" in the context menu:
11. Add the Omnata Push SSH key you uploaded previously, and ensure SSH Key is selected as an authentication option:
12. Click Save, and you're done!
During the setup process, the Omnata UI will provide you with a private GPG key to copy. Save this as a file so that it can be uploaded into Marketing Cloud
Back in Salesforce Marketing Cloud Setup, click on "Key Management" under "Data Management", then click "Create":
Select "Asymmetric" as the Key Type, "Omnata GPG" as the Name, and "omnata-sfmc-gpg" as the External Key. Browse and select the key file you saved in step 1. Tick "Private Key" and leave the passphrase blank.
Click Save, and once successfully uploaded you can delete the local key file you uploaded.
Finally, we need to create a File Transfer Activity which references this key. From the top menu, navigate to Automation Studio:
6. Create a new Activity:
7. Select File Transfer Activity, and click Next:
8. Name the activity "Omnata Template", and choose the "Manage File" option:
9. Enter "*" for the file pattern, (note: this value will not actually be used). Tick "Decrypt file" and select "Omnata GPG" as the customer private key, then click Next:
10. Choose Finish
That's all the configuration you need to do in Marketing Cloud. You should be able to complete the connection process in the Omnata UI now.
