Step 2 of 3: Set up Marketo Solution with Server to Server Connection

Create Client Application in Azure AD

  1. Navigate to this Microsoft article.

  2. Follow all the steps. For Step 3, enter a relevant application name (e.g., “Marketo Integration”). Under the Supported Account Types, select Account in this Organizational Directory Only.

  3. Write down the Application ID (ClientId) and Tenant ID. You’ll need to enter it in Marketo later.

  4. Grant Admin consent by following the steps in this article.

  5. Generate a Client Secret in the Admin Center by clicking Certificates & secrets.

  6. Click the New client secret button.

  7. Enter a client secret description and click Add.


Make sure to make note of the Client Secret value (seen in the screenshot below), as you’ll need it later. It is only shown once, and you won’t be able to retrieve it again.

  1. Follow steps from the following link to set up an application user in Microsoft. While giving permissions to the Application User, assign it to “Marketo Sync User Role.”

Azure AD Federated with AD FS On-prem

Federated Azure AD to ADFS Onprem needs the creation of a Home Realm Discovery policy for the specific application. With this policy, Azure AD will redirect the authentication request to the federation service. Password hash synchronization has to be enabled in AD Connect for this. For more information, please see OAuth with ROPC and Set an hrd policy for an application.

Additional references can be found here.

Assign Sync User Role

  1. Assign the Marketo Sync User role to the Marketo sync user only.

This applies to Marketo version and later. For earlier versions, all users must have the sync user role. To upgrade your Marketo solution, see this article.

  1. Go back to the Application Users tab and refresh the users list.

  2. Hover next to the newly created Application user, and a checkbox will appear. Click to select it.

  3. Click Manage Roles.

  4. Check Marketo Sync User and click OK.

Configure Marketo Solution

Almost there! All we have left is to inform Marketo Solution about the new user created.


If you’re upgrading from Basic Authentication to OAuth, you’ll need to contact Marketo Support for help with updating the additional parameters. Enabling this feature will temporarily stop the sync until new credentials are entered and the sync is re-enabled. The feature can be disabled (until April 2022) should you want to revert to the old Authentication mode.

  1. Go back to the Advanced Settings section and click the icon next to Settings, and select Marketo Config.


    If you don’t see Marketo Config in the Settings menu, refresh the page. If that doesn’t work, try to publish the Marketo Solution again or log out and back in.

  2. Click Default.

  3. Click the search button on the Marketo User field and select the sync user you created.

  4. Click the icon in the bottom-right corner to save the changes.

  5. Click the X in the upper-right to close the screen.

  6. Click the icon next to Settings, and select Solutions.

  7. Click the Publish All Customizations button.

Before Proceeding to Step 3

On this page