Configuring Adobe I/O for Adobe Experience Cloud Triggers configuring-adobe-io

If you are using an older version of Triggers integration through oAuth authentication, you need to move to Adobe I/O as described below.
Note that during this move to Adobe I/O, some incoming triggers may be lost.
Legacy oAuth authentication mode with Campaign has been retired on October 20, 2021. Hosted environments benefit from an extension until May 25, 2022. As an on-premise or hybrid customer, contact Adobe Customer Care to extend support to May 2022. You must provide the AppID of the OAuth application to Adobe.

Prerequisites adobe-io-prerequisites

This integration only applies starting Campaign Classic 20.2.4 and above, 19.1.8 and Gold Standard 11 releases.

Before starting this implementation, please check you have:

  • a valid Organization identifier: the Organization ID is the unique identifier within the Adobe Experience Cloud, used for example for the VisitorID service and the IMS Single-Sign On (SSO). Learn more
  • a Developer access to your Organization. The System administrator of the organization needs to follow the Add developers to a single product profile procedure detailed in this page to provide developer access for the Analytics - {tenantID} Product Profile of the Adobe Analytics Product associated with Triggers.

Step 1: Create/update Adobe I/O Project creating-adobe-io-project

The Service Account (JWT) credential is being deprecated by Adobe, Campaign integrations with Adobe solutions and apps must now rely on OAuth Server-to-Server credential.
  • If you have implemented inbound integrations with Campaign, you must migrate your Technical Account as detailed in this documentation. Existing Service Account (JWT) credentials will continue to work until January 27, 2025. In addition, the creation of new Service Account (JWT) credentials in the Developer Console is no longer possible starting June 3, 2024. A new Service Account (JWT) credential cannot be created or added to a project after this date.

  • If you have implemented outbound integrations, such as Campaign-Analytics integration or Experience Cloud Triggers integration, they will continue to work until until January 27, 2025. However, before that date, you must upgrade your Campaign environment to v7.4.1 and migrate your Technical Account to oAuth. As the creation of new Service Account (JWT) credentials in the Developer Console is no longer possible starting June 3, 2024, you cannot create a new outbound integration relying on JWT after this date

  1. Access Adobe I/O and log in with the Developer access of your Organization. Make sure you are logged into the correct Organization portal.

  2. Extract existing integration Client identifier (Client ID) from the instance configuration file ims/authIMSTAClientId. Non-existing or empty attribute indicates Client identifier is not configured.

    note note
    If your Client identifier is empty, you can directly Create a New project in Adobe I/O.
  3. Identify the existing project using the extracted client identifier. Look for existing projects with the same Client identifier as the one extracted in previous step.

  4. Select + Add to Project and choose API.

  5. In the Add an API window, select Adobe Analytics.

  6. Choose Service Account (JWT) as the authentication type.

  7. If your Client ID was empty, select Generate a key pair to create a public and private key pair.

    The keys will then be automatically downloaded with a default expiry date of 365 days. Once expired, you will need to create a new key pair and update the integration in the configuration file. Using the Option 2, you can choose to manually create and upload your Public key with a longer expiry date.

    For a step-by-step guide on how to replace expiring certificate key pairs, refer to this page.

    note caution
    You should save the file when the download prompt comes up since you will not be able to download it again.

  8. Click Next.

  9. Choose any existing Product profile or create a new one if needed. No permission is required for this Product profile. For more information on Analytics Product Profiles, refer to Adobe Analytics documentation.

    Then, click Save configured API.

  10. From your project, select Adobe Analytics and copy the following information under Service Account (JWT):

    • Client ID
    • Client Secret
    • Technical account ID
    • Organization ID

Adobe I/O certificate will expire after 12 months. You need to generate a new key pair every year.

Step 2: Add the project credentials in Adobe Campaign add-credentials-campaign

This step is not required if your Client identifier was not empty in Step 1: Create/update Adobe I/O Project.

The private key should be encoded in base64 UTF-8 format. To do so:

  1. Use the private key generated in the Step 1: Create/update Adobe I/O Project section. The private key needs to be the same as the one used to create the integration.

  2. Encode the private key using the following command: base64 ./private.key > private.key.base64. This will save the base64 content to a new file private.key.base64.

    note note
    Extra lines can sometimes be automatically added when copy/pasting the private key. Remember to remove it before encoding your private key.
  3. Copy the contents from the file private.key.base64.

  4. Login via SSH to each container where the Adobe Campaign instance is installed and add the Project credentials in Adobe Campaign by running the following command as neolane user. This will insert the Technical Account credentials in the instance configuration file.

    code language-none
    nlserver config -instance:<instance name> -setimsjwtauth:Organization_Id/Client_Id/Technical_Account_ID/<Client_Secret>/<Base64_encoded_Private_Key>

Step 3: Update pipelined tag update-pipelined-tag

This step is not required if your Client identifier was not empty in Step 1: Create/update Adobe I/O Project.

To update pipelined tag, you need to update the authentication type to Adobe I/O project in the configuration file config-< instance-name >.xml as follows:

<pipelined ... authType="imsJwtToken"  ... />

Then, run a config -reload and a restart of the pipelined for the changes to be taken into account.