Security Settings in Eloqua: A Guide to Getting Started
Security settings in Eloqua are divided among two main areas — Contact Level Security and Security Groups. These two functions work together to control exactly what users are able to see and do within Eloqua. In this blog post we’ll look at how these settings are configured to help you begin enabling and customizing these features in Eloqua.
Security Settings in Eloqua:
Security Groups
Sometimes referred to as asset security or User Groups, Security Groups control what individuals can see and do when logged into Eloqua. Through Security Groups, you can control which areas users are allowed to navigate to, the assets that are visible to them when logged in and the range of actions they can perform with different assets.
Each instance of Eloqua comes with 7 preconfigured Security Groups that cover the typical roles within a Marketing team. Customer Administrator is the highest setting giving these users complete access to all assets and Executive Users among the lowest. For most organizations, these groups cover all needs, but there are times when a custom group will be needed to meet the requirements of a specialized team or individuals outside your organization.
Some common examples are a production agency that should not have access to anything other than emails, an analytics & reporting team that needs to see only contact information or a group of super users that need a higher level of access, but not quite Admin level. These scenarios can all be handled by custom Security Groups but before you get started there are a few helpful things to know.
- Have good documentation — It’s important to keep a detailed list of all custom User Group configurations. An easy way is to download with Eloqua’s Default Security Group Matrix and add columns to capture the settings of your new groups. It’s also handy to reference Oracle’s documentation on Security Groups for detailed descriptions and definitions of each area of Security Groups. Or, download this Eloqua Security Groups Matrix.
- Be mindful of child assets — If you’re creating a group with narrowly focused access to as specific type of asset, be sure to include permissions for the common components of that asset. For example, if you are creating a custom Security Group for emails creators, you’ll need to include access to Email Groups, Headers and Footers. Without permissions to these important child assets, users assigned to this group will be unable to effectively build new emails.
- Define testing scenarios — Identify as many tasks as possible that members of the new Security Group will be performing. Security Group settings are very detailed, so knowing all of the group’s requirements will hep you make quicker, more accurate decisions as you set it up.
- Assess the backfill — Pre-existing assets are not automatically visible to new Security Groups. Every email, form, landing page, etc. that is already in the system will have to be opened individually and have its permissions updated to include your new Security Group. Potentially, this could be a large task and you’ll want to allocate enough time and resources to make these updates.
Contact Level Security
The other main security feature in Eloqua is Contact Level Security. This allows you to make groups of contacts visible to certain users and invisible to others. It’s commonly used by organizations in the health care and financial industries where sensitive contact information stored in Eloqua often needs to be restricted to a smaller group of certified users. It’s also commonly used to control a Sales Team’s access to ensure that Reps can only email certain contacts through Engage.
By default, CLS is not enabled in Eloqua and requires an Admin to configure and activate. When enabled, a tagging system is used to label contacts and Users are granted access to Labels can be aligned by geographical region, by company or by any field in the contact table or in a custom data object. Security Groups are then given permission to view contacts with specific labels.
As an example, your Sales team uses Engage to send messages to contacts and you need to prevent your US Sales team from emailing contacts outside of the US. To do this, you’d create a label named “United States” and assign that label to all contacts with a country value of US. Next set the Security Group for Sales Users to have access only to contacts with the United States label and your US Sales reps will not have any access to contacts from Canada, Mexico or any other country.
Before you set up CLS, there are some risks to be aware of. Contact Level Security is a powerful feature and once activated can lead to some unintended consequences. If not configured properly, Marketers can be left unable to access contacts that they should be able to see with no easy way to know there’s a problem.
- Understand your data, and its potential gaps — Sometimes your own data can be misleading and can cause gaps in CLS. Take country as an example. Say you have a contact that works for a parts manufacturing company in Seattle but the company is headquartered in Canada. If that contact’s country is set from CRM or from their account, the value could end up as Canada making the contact invisible to your US marketing team.
- Keep it Simple — Align security around large, common boundaries. Pick one data point to base your labels on. Building too much complexity into you label assignment rules can easily lead to gaps where contacts that should be visible to your marketing teams aren’t, or allow users to view contacts they should not have access to.
- Make it part of routine testing — Every time you launch a new form or set up a new integration, do a CLS check. Make sure that new contacts entering through those channels have the necessary data to be labeled correctly and are visible to the right users.
If you are considering your own Eloqua security enhancements and need some help, contact us today! We offer expert consulting services and can asses your needs to craft the right security solution for your organization.
Thank you for subscribing!