7.3.1.3 How are external Login Credentials secured within ADvendio? -> Breaking Change with ADvendio Summer 2020 (2.130)

Challenge

To connect external systems like AdServers, DSPs or SSPs to ADvendio, you often have to enter credentials like usernames, passwords or API tokens to these systems and save them within ADvendio.

You don’t want to have all your users being able to see these or access these credentials, so how can you protect these?


Solution

Coming with our new version 2.130, all credentials to external systems, which need to be stored in ADvendio, will be automatically encrypted.

Why are we doing this?

Depending on the integrated system, we need to store certain login information in ADvendio in order to grab data from or push data to these systems. In the past this meant, that all users with direct access to the connection objects, can see these information. With adding the encryption, we can make sure, that ADvendio can still access all external systems, but nobody within your Salesforce Org will be able to copy and paste these login credentials.

What does this mean to you?

Once a password or access token is written into a Connection Record, the string is automatically encrypted, so you won’t be able to identify the password or copy and paste it.

Before the encryption:

After the encryption:

Our Gateway will still be able to read the information needed.

So what does this mean for you or your System Administrator?

First of all not much will change. You can access the Connect related features like submitting a campaign or getting delivery data as usual. Also with the installation of Version 2.130 or higher, your saved credentials will automatically be encrypted. There is no further steps you need to do.

Recommendation: Although there are no steps you need to do, we recommend to do a quick test of your connections to external systems, once the installation of the update is complete. It’s sufficient to open every connection record and press the check login button.

 

What happens if credentials are not encrypted? Or if the encryption failed?

If the encryption of some credentials fails, you will receive a specific error message, which reads the following:

The authentication credentials are currently not encrypted in ADvendio. (Message key: ERROR_ENCRYPTED_DATA_CORRUPTED )

This happens during every process which involves communication with an external system, like Submit, Check Availability, Delivery Data Import or Transfer.

 

This might also happen if only a single one of your connections is not properly encrpyted.

What can you do?

  • Go to each of your Connection and Additional Login records

  • Check the password and additional password fields for password

  • The encryption string is always 100 digits long, so you should be able to identify if it’s already encrypted or if it’s your login password

  • For Google AdManager and Display & Video 360: Please use the “Generate Google OAuth Token” button to generate a new login token. During the guided process you will be asked to enter your Google Credentials once.

  • For Xandr, Smart, Freewheel, Adswizz, Datorama and other:

    • Copy the password / additional password that is currently entered

    • Empty out the password / additional password field in Salesforce and save the connection record.

    • Edit the fields again and paste in the password, which you previously copied. Once you click the save button, the encrypted credentials are saved.

  • Once done, use the check login button, to see if the connection works

 

 


Setup

As mentioned above, there a no further steps needed to be done. The encryption will take place automatically as soon you install the latest update of ADvendio.

If you need to change the password of a connection you can do so by simply editing the record.

Remove the encrypted string and enter your new password.

Once you click save, ADvendio will automatically encrypt the string and you’re good to go.

Please note, that with these changes, you will not be able to simply copy an encrypted string from one connection to another, as the encryption will run again, rendering the password unusable.