About Marketing Platform security features

The security features in Marketing Platform consist of a central repository and web-based interface where IBM® EMM internal users are defined and where users are assigned various levels of access to functions within IBM EMM applications.

IBM EMM applications use the security features of Marketing Platform to authenticate users, check user application access rights, and store user database credentials and other necessary credentials.

Security technologies used in Marketing Platform

Marketing Platform employs industry-standard encryption methods to perform authentication and enforce security across all IBM EMM applications. User and database passwords are protected using a variety of encryption technologies.

Permission management through roles

Marketing Platform defines the user's basic access to the functions within most IBM EMM applications. In addition, for Campaign and Marketing Platform, you can control a user's access to functions and objects within the application.

You can assign various permissions to roles. You can then manage user permissions in either of the following ways.

  • By assigning roles to individual users
  • By assigning roles to groups and then making users a member of that group

About Campaign partitions

Marketing Platform provides support for partitions in the Campaign family of products. Partitions provide a way to secure the data associated with different groups of users. When you configure Campaign or a related IBM EMM application to operate with multiple partitions, each partition appears to application users as a separate instance of the application, with no indication that other partitions exist on the same system.

About groups

A subgroup inherits the roles assigned to its parents. An administrator can define an unlimited number of groups, and any user can be a member of multiple groups. This makes it easy to create different combinations of roles. For example, a user could be an eMessage administrator and a Campaign user with no administration privileges.

A group can belong to only one partition.

Data source credential management

Both users and administrators can set up the user's data source credentials in advance, so the user is not prompted to provide data source credentials when working with an HCL application that requires access to a data source.

Integration with external user and group management systems

Marketing Platform can be configured to integrate with external systems that are used to manage users and resources centrally. These include Windows™ Active Directory Server, other supported LDAP directory servers, and web access control platforms such as Netegrity SiteMinder and IBM Tivoli® Access Manager. This reduces errors, support costs, and the time needed to deploy an application in production.

Federated authentication

Marketing Platform supports SAML (Security Assertion Markup Language) 2.0 federated authentication, which enables single sign-on access among diverse applications.

You can use federated authentication to implement single sign-on between IBM EMM applications and other HCL applications or third-party applications.

The Marketing Platform installation includes the following components that support federated authentication.

  • An identity provider server WAR file.
  • A client JAR file that you can use with Java™ applications to generate and parse SAML 2.0 assertions. The Java products that you integrate with IBM EMM use the assertions to communicate with the identity provider server.

Data filters

Marketing Platform supports configurable data filters that allow you to specify data access restrictions in IBM EMM products. Data filters make it possible to restrict the customer data that an IBM EMM user can view and work with in HCL applications.