Marketo Connector
Important
Connectors continue to be released outside the IDM release. For the latest documentation, refer to the ICF documentation.
The Marketo connector enables synchronization between IDM managed users and a Marketo leads database.
This connector forms part of ForgeRock's support for customer data management (CDM). You can synchronize any managed user to Marketo—those who have been added directly to the IDM repository, and those who have registered themselves through one of the Social Identity Providers described in Social Registration.
The Marketo connector is an implementation of the Scripted Groovy Connector Toolkit, and enables you to interact with leads in a Marketo database, using Groovy scripts for the ICF operations.
To use the Marketo connector, you need the following:
A Marketo account
A client ID and client secret
The REST API URL for your IDM service
A custom list created in your Marketo leads database
To obtain these details from Marketo, see the Marketo documentation.
A sample connector configuration file is available, at /path/to/openidm/samples/example-configurations/provisioners/provisioner.openicf-marketo.json. To test the Marketo connector, copy that file to your project's conf/ directory, and edit at least the configurationProperties to provide the REST API URL, client ID and client secret.
Set the enabled property in the connector configuration to true. IDM encrypts the client secret on startup. Optionally, you can specify the listName to which leads should be added when they are synchronized from IDM. The following excerpt from the sample connector configuration file shows the properties that you must set:
{
"displayName" : "MarketoConnector",
"description" : "Connector used to sync users to Marketo leads",
"author" : "ForgeRock",
"enabled" : true,
"connectorRef" : {
"bundleName" : "org.forgerock.openicf.connectors.marketo-connector",
"bundleVersion" : "1.5.3.0",
"connectorName" : "org.forgerock.openicf.connectors.marketo.MarketoConnector"
},
...
"configurationProperties" : {
"instance" : "<INSTANCE_FQDN>",
"clientId" : "<CLIENT_ID>",
"clientSecret" : "<CLIENT_SECRET>",
"leadFields" : null,
"partitionName" : null,
"listName" : "<LEAD_LIST_NAME>",
...
},
...
}- instance
To locate the REST API endpoint URL in Marketo, select Admin > Web Services, scroll down to REST API, and find the endpoint. Use that REST endpoint as the value of the
instanceproperty in your connector configuration. Remove the protocol and/restfrom the URL. For example, if the endpoint ishttps://some-number.mktorest.com/rest, the value of theinstanceproperty must besome-number.mktorest.com.- clientId
Locate the client ID in the details of your Marketo service
LaunchPoint.- clientSecret
Locate the client secret in the details of your Marketo service
LaunchPoint.- listName
The name of the custom list created in your Marketo Leads database.
You can also configure the Marketo connector through the Admin UI. Select Configure > Connectors > New Connector and select Marketo Connector - 1.5.20.11 as the Connector Type. Configuration properties correspond to those described in the previous list. For details of all the configuration properties, see "Marketo Connector Configuration".
When your connector is configured correctly, you can test its status by running the following command:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/system?_action=test"[ { "name": "marketo", "enabled": true, "config": "config/provisioner.openicf/marketo", "objectTypes": [ "__ALL__", "account" ], "connectorRef": { "bundleName": "org.forgerock.openicf.connectors.marketo-connector", "connectorName": "org.forgerock.openicf.connectors.marketo.MarketoConnector", "bundleVersion": "1.5.20.11" }, "displayName": "Marketo Connector", "ok": true } ]
A status of "ok": true indicates that the connector can reach your Marketo database.
Reconciling Users With a Marketo Leads Database
The Marketo connector enables you to reconcile IDM users (including managed users and users who have registered through a social identity provider) with a Marketo leads database. To set up reconciliation to a Marketo database, copy the following sample mapping file to your project's conf directory:
/path/to/openidm/samples/example-configurations/marketo/sync.json
This file sets up a mapping from the managed user repository to Marketo user accounts. The file includes transformations for user accounts registered through Facebook and LinkedIn. You can use these transformations as a basis for transformations from other social identity providers.
If you have an existing mapping configuration, add the content of this sample sync.json to your existing mapping.
The sample mapping restricts reconciliation to users who have accepted the marketing preferences with the following validSource script:
"validSource" : {
"type" : "text/javascript",
"globals" : {
"preferences" : [
"marketing"
]
},
"file" : "ui/preferenceCheck.js"
} When a user registers with IDM, they can choose to accept this condition. As a regular user, they can also select (or deselect) the condition in the End User UI by logging into IDM at http://localhost:8080/, and selecting Preferences.
If a user deselects the marketing preference after their account has been reconciled to Marketo, the next reconciliation run will remove the account from the Marketo database.
For more information on how preferences work in a mapping, see "Configure User Preferences".
Implementation Specifics
For PATCH requests, a connector can potentially add, remove, or replace an attribute value. The Marketo connector does not implement the add or remove operations, so a PATCH request always replaces the entire attribute value with the new value.
OpenICF Interfaces Implemented by the Marketo Connector
The Marketo Connector implements the following OpenICF interfaces.
- Authenticate
Provides simple authentication with two parameters, presumed to be a user name and password.
- Create
Creates an object and its
uid.- Delete
Deletes an object, referenced by its
uid.- Resolve Username
Resolves an object by its username and returns the
uidof the object.- Schema
Describes the object types, operations, and options that the connector supports.
- Script on Connector
Enables an application to run a script in the context of the connector. Any script that runs on the connector has the following characteristics:
The script runs in the same execution environment as the connector and has access to all the classes to which the connector has access.
The script has access to a
connectorvariable that is equivalent to an initialized instance of the connector. At a minimum, the script can access the connector configuration.The script has access to any script-arguments passed in by the application.
- Script on Resource
Runs a script on the target resource that is managed by this connector.
- Search
Searches the target resource for all objects that match the specified object class and filter.
- Sync
Polls the target resource for synchronization events, that is, native changes to objects on the target resource.
- Test
Tests the connector configuration. Testing a configuration checks all elements of the environment that are referred to by the configuration are available. For example, the connector might make a physical connection to a host that is specified in the configuration to verify that it exists and that the credentials that are specified in the configuration are valid.
This operation might need to connect to a resource, and, as such, might take some time. Do not invoke this operation too often, such as before every provisioning operation. The test operation is not intended to check that the connector is alive (that is, that its physical connection to the resource has not timed out).
You can invoke the test operation before a connector configuration has been validated.
- Update
Updates (modifies or replaces) objects on a target resource.
Marketo Connector Configuration
The Marketo Connector has the following configurable properties.
Configuration properties
| Property | Type | Default | Encrypted [a] | Required [b] |
|---|---|---|---|---|
customSensitiveConfiguration | GuardedString | null |  |  |
| Custom Sensitive Configuration script for Groovy ConfigSlurper | ||||
|
| ||||
customConfiguration | String | null | | |
| Custom Configuration script for Groovy ConfigSlurper | ||||
|
| ||||
instance | String | null |  | |
| The Marketo-assigned FQDN for your instance | ||||
|
| ||||
clientId | String | null | | |
| Your OAuth2 client ID | ||||
|
| ||||
clientSecret | GuardedString | null | | |
| Your OAuth2 client secret | ||||
|
| ||||
leadFields | String | null | | |
| Comma-delimited list of lead fields to fetch; Leave empty for default set | ||||
|
| ||||
partitionName | String | null | | |
| Name of the partition in which to create and update leads; May be left empty | ||||
|
| ||||
listName | String | null | | |
| Name of the Marketo static list the connector will use to manage leads | ||||
|
| ||||
accessToken | String | null | | |
| The access token for the application | ||||
|
| ||||
tokenExpiration | Long | null | | |
| The expiration token for the application | ||||
|
| ||||
[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM. [b] A list of operations in this column indicates that the property is required for those operations. | ||||
Operation Script Files
| Property | Type | Default | Encrypted [a] | Required [b] | ||
|---|---|---|---|---|---|---|
createScriptFileName | String | CreateMarketo.groovy |
| |||
| The name of the file used to perform the CREATE operation. | ||||||
|
| ||||||
customizerScriptFileName | String | null | | |||
| The script used to customize some function of the connector. Read the documentation for more details. | ||||||
|
| ||||||
authenticateScriptFileName | String | null |
| |||
| The name of the file used to perform the AUTHENTICATE operation. | ||||||
|
| ||||||
scriptOnResourceScriptFileName | String | null |
| |||
| The name of the file used to perform the RUNSCRIPTONRESOURCE operation. | ||||||
|
| ||||||
deleteScriptFileName | String | DeleteMarketo.groovy |
| |||
| The name of the file used to perform the DELETE operation. | ||||||
|
| ||||||
resolveUsernameScriptFileName | String | null |
| |||
| The name of the file used to perform the RESOLVE_USERNAME operation. | ||||||
|
| ||||||
searchScriptFileName | String | SearchMarketo.groovy |
| |||
| The name of the file used to perform the SEARCH operation. | ||||||
|
| ||||||
updateScriptFileName | String | UpdateMarketo.groovy |
| |||
| The name of the file used to perform the UPDATE operation. | ||||||
|
| ||||||
schemaScriptFileName | String | SchemaMarketo.groovy |
| |||
| The name of the file used to perform the SCHEMA operation. | ||||||
|
| ||||||
testScriptFileName | String | TestMarketo.groovy |
| |||
| The name of the file used to perform the TEST operation. | ||||||
|
| ||||||
syncScriptFileName | String | null |
| |||
| The name of the file used to perform the SYNC operation. | ||||||
|
| ||||||
[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM. [b] A list of operations in this column indicates that the property is required for those operations. | ||||||
Groovy Engine configuration
| Property | Type | Default | Encrypted [a] | Required [b] |
|---|---|---|---|---|
targetDirectory | File | null | | |
| Directory into which to write classes. | ||||
|
| ||||
warningLevel | int | 1 | | |
| Warning Level of the compiler | ||||
|
| ||||
scriptExtensions | String[] | ['groovy'] | | |
| Gets the extensions used to find groovy files | ||||
|
| ||||
minimumRecompilationInterval | int | 100 | | |
| Sets the minimum of time after a script can be recompiled. | ||||
|
| ||||
scriptBaseClass | String | null | | |
| Base class name for scripts (must derive from Script) | ||||
|
| ||||
scriptRoots | String[] | null | | |
| The root folder to load the scripts from. If the value is null or empty the classpath value is used. | ||||
|
| ||||
tolerance | int | 10 | | |
| The error tolerance, which is the number of non-fatal errors (per unit) that should be tolerated before compilation is aborted. | ||||
|
| ||||
debug | boolean | false | | |
| If true, debugging code should be activated | ||||
|
| ||||
classpath | String[] | [] | | |
| Classpath for use during compilation. | ||||
|
| ||||
disabledGlobalASTTransformations | String[] | null | | |
| Sets a list of global AST transformations which should not be loaded even if they are defined in META-INF/org.codehaus.groovy.transform.ASTTransformation files. By default, none is disabled. | ||||
|
| ||||
verbose | boolean | false | | |
| If true, the compiler should produce action information | ||||
|
| ||||
sourceEncoding | String | UTF-8 | | |
| Encoding for source files | ||||
|
| ||||
recompileGroovySource | boolean | false | | |
| If set to true recompilation is enabled | ||||
|
| ||||
[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM. [b] A list of operations in this column indicates that the property is required for those operations. | ||||