NOTE: Securing any Marketo domains requires the "Secured Domains" product first be added to your subscription. A base offering will be automatically added to all customer subscriptions at next renewal, but to make any SSL or domain changes, or purchase coverage for additional domains, please contact your Marketo Customer Success Manager (CSM) for more information.
Marketo’s Secured Domains for Landing Pages secures any and all landing page domains defined in your instance to be served via HTTPS. Serving your pages securely assures that you’re providing critical security and data integrity for both your pages and your visitors’ personal information.
Below you’ll find the 5-step process to secure your Marketo landing pages with Marketo’s Secure Domains for Landing Pages. Please note, there is an automated support case that gets created on your behalf when the purchase of Secured Domains for Landing Pages is completed.
Step 1. Verify your Landing Page Domain, CNAMEs and any Domain Aliases are setup
Before you can secure your landing page domains and any domain aliases (subdomains), you must first set these up in Marketo. If you are a new Marketo customer working through your implementation, please work with your implementation consultant on the landing page domain(s) setup and timing to cut over to HTTPS. If you’re securing your landing page domains for a previously implemented instance, please verify that your domains and domain aliases (subdomains) are set up in your instance. Below are some links to help:
Edit Landing Page Settings – to set you Landing Page Domain
Customize Your Landing Page URLs with a CNAME – to understand and set up CNAMEs (subdomains)
Add Additional Landing Page CNAMEs – to set up multiple CNAMEs in your instance (subdomains)
Be sure your redirect rules and domain aliases are updated to use https:// instead of http:// .
Step 2. Edit and update the HTML code of your existing landing page templates to HTTPS
Next, you'll need to review and update your Marketo landing pages to ready them to be served securely. Please complete the following two actions in order before moving on to Step 3:
If you purchased Marketo before January 2016, please un-approve and immediately re-approve all landing pages last updated before January 2016. This can be done in bulk in the Landing Pages section of Design Studio by selecting a group of pages for un-approve/re-approve via the “Landing Page Actions” menu. We recommend completing this step in batches of a maximum of 10-20 pages at a time. Instructions for doing so can be found here: Approve Multiple Landing Pages at Once - Marketo Docs - Product Documentation.
You can see the "Last Updated" timestamp in the Landing Pages section of Design Studio.
Open the HTML code for each landing page template. C hange all URLs listed in the HTML currently formatted as "http ://" to instead read "https://"
TIP: Ctrl+F "http" to automatically highlight all URLs that must be updated:
Simply add "s" after each http reference until ALL have been updated to https
Missing even one URL's http reference will cause the "Mixed Content" browser warning: vs.
SAVE THE PAGE AS A DRAFT
Do not approve the draft. You will approve the drafts after Support activates SSL in Step 4.
NOTE: Once you secure your Marketo landing pages to be served over HTTPS, you should not link to HTTP (unsecured) assets or pages from your secured landing pages.
For more detailed guidance, please see our recorded instructions below
Video Link : 2237
Step 3. Respond to the TSE via the existing support case
The TSE will then begin the process on our end to generate certificates to cover all the domains and subdomains configured in your instance.
Once notified, please allow 3 business days for Marketo to create your secure server endpoint. Marketo's Support team will contact you when this is complete. We appreciate your patience during this 3-day setup process.
Step 4. Marketo Support Will Activate Your Secured Domains for Landing Pages
Once we've generated and issued the necessary SSL certificates for your domains, we'll notify you that it is done and activate SSL for your Landing Pages.
NOTE: There will be a brief "cut-over" period between when HTTPS is enabled by the TSE and when you are able to complete Step 5 below. During this time, landing pages may show up to customers with a mixed-content warning; however, all links and emails will continue to work properly without disruption, and your customers are not at any risk. Be ready to complete Step 5 quickly once instructed to minimize this period.
Step 5. Re-approve your landing pages and verify success
Once your Support Engineer has activated the switch to HTTPS for your instance, y ou must immediately take the following actions:
Approve all draft pages that you edited from Step 2 above. This can be done in bulk in the Landing Pages section of Design Studio by selecting a group of pages to approve via the “Landing Page Actions” menu.
If you include a Marketo landing page on a secure website using an iframe, you will need update the HTML to load the secure version of the landing page, otherwise the end user will get a security warning.
Verify your pages are loading and rendering as expected. Contact Marketo Support with any issues you may encounter.
Questions & More Information
For more information, including and FAQ, please see the Marketo Secured Domains for Landing Pages Overview & FAQ.
Is this article helpful ?
Issue Description The support admin for your Marketo instance has moved on to another position or is no longer with the company and you need to update the Support Admin information. Issue Resolution Please contact the CSM for your account to have the Support Admin information updated. If you do not have the contact information for your CSM, please email MarketoCares@marketo.com for assistance.
Issue Description When setting permissions for a new user role, you need to know the difference between the List Import and Advanced List Import permissions. Issue Resolution Advanced List Import gives the user access to the List Import Mode control in the List Import dialogue box. Users with Advanced List Import permissions can choose between the Default (Fast Import) option, or the Skip new leads and updates option. The Skip option will only add existing leads to the static list and will skip any new/unknown leads in your uploaded CSV or TXT file.
Issue Description After updating the Unsubscribe HTML and Text in Admin>Email, newly added tokens may not render as expected. Issue Resolution To resolve the behavior, you'll need to do the following after updating the Unsubscribe settings in Admin: 1) Navigate to the various emails within the instance and un-approve them. May require removing references to the email first. 2) Re-approve the emails. 3) Add back any references to the email asset. Why this needs to be done: When the email asset is approved it goes through a validation process for all the tokens that are used and this includes the global unsubscribe settings. When editing in Admin >Email > Unsubscribe the validity of tokens is not checked upon saving those changes. If a invalid token is added, something like lead.nonExistingField, no errors are thrown and it'll return that string value. The verification is done when the "approve" email functionality is used on email assets. This steps retrieves valid tokens list used in the email and adds/updates them in a backend table for use/reference. The update to the global unsubscribe settings doesn't cause the stored information to reference the newly changed settings in Admin. To cause that validation process to go through successfully and update the information on the back end, you'll need to un-approve and re-approve the various emails within the instance to use the new global settings.
Every link you include in your Marketo emails will have a tracking code automatically appended when sent. For those in highly regulated industries, your company may require that you securely encrypt the Marketo tracking links. Remember that Marketo takes the URLs you place inside of emails and shortens them using the "Branded Tracking Link" domain (this is another CNAME you set up in Marketo under Admin--> Email). These tracking links are how Marketo enables you to track engagement with your emails. Setting Up Secured Domains for Tracking Links instructions - Setting Up Secured Domains for Tracking Links Do I NEED Secured Domains for Tracking Links? Secured Domains for Tracking Links ensures that tracking links can be served securely for domains which have implemented HSTS (HTTP Strict Transport Security). HSTS is a web server directive which more and more companies are choosing to enforce that tells the browser all subsequent requests for resources on that domain to be loaded through HTTPS. Securing your tracking links has additional benefits some companies find valuable: - HTTPS is displayed instead of HTTP when hovering over the link within the email (for those provisioned post- Apr 15, 2019 - please open a support case if you're unsure or want HTTPS display enabled) - It prevents the browser from temporarily displaying a "Not Secure" warning instead of the Lock icon (to the left of the address bar) while redirecting to your landing page - Secured links may help improve deliverability, as that is a ranking factor in their algorithms. If you have HSTS implemented on your top-level domains or sub-domains, you WILL NEED Secured Domains for Tracking Links. Additional information on HSTS and how to check if your company has it implemented can be found here: SSL: The HSTS policy and your Marketo subdomains Other Helpful FAQs How many domains can I secure with the Secured Domains for Tracking Links? Each Secured Domains for Tracking Links covers up to 2 tracking links domains. Contact your Marketo Customer Success Manager for scoping/pricing/quote. Each Domain can have up to 40 sub-domains/CNAMEs. How is the Secured Domains for Tracking Links product different than the Secured Page Services, SSL for Tracking Links service? Unlike the older Secured Page Services, SSL for Tracking Links service, the newer Secured Domains for Tracking Links product generates and manages all certificates needed for secured tracking links. This eliminates the need for you to share certificates and private keys with Marketo, making it a more secure process. And, because Marketo automatically renews the certificate, you no longer risk missing it's expiration date and having a lapse in your end-users' experience. What setup/configuration is required before securing my Marketo Tracking Links? You must configure your CNAMES for Email Tracking links. More information here: https://nation.marketo.com/docs/DOC-1103-brand-your-tracking-links Can I secure my tracking links without securing my Marketo landing pages? Yes, but it's not recommended. Due to 2018 browser updates, any website not secured will display a "Not Secure" warning. Do I need to provide a TLS/SSL Certificate? Marketo’s new Secured Domains products manage all aspects of procuring, managing and renewing certificates for you. You do not provide the certificates with Marketo's Secured Domains products. What Certificate Authority issues the certificate(s) for the Marketo’s Secured Domains for Landing Pages product? The certificates are authored by DigiCert. What type of certificate is provided? We produce a pack of two certificates; The primary certificate uses a P-256 key, is SHA-2/ECDSA signed, and will be presented to browsers that support elliptic curve cryptography (ECC). The secondary or fallback certificate uses an RSA 2048-bit key, is SHA-2/RSA signed, and will be presented to browsers that do not support ECC. Will my domains be on a shared SSL certificate with other companies? No. As part of our Secured Domains products, each of your fully qualified domain names will get its own certificate. That means you will not be on a shared certificate with other companies. Can I provide my own SSL certificate(s) to secure my domains? Marketo no longer accepts customer-provided certificates unless it is an EV certificate.
For those in highly regulated industries, your company may additionally require that you securely encrypt the Marketo tracking links embedded in Marketo emails. Remember that Marketo takes the URLs you place inside of emails and shortens them using the "Branded Tracking Link" domain (this is another CNAME you set up in Marketo under Admin--> Email). These tracking links are how Marketo enables you to track engagement with your emails. Overview & FAQ - Overview & FAQ: Secured Domains for Tracking Links What's Changing Marketo has discontinued the Secured Page Services: SSL for Tracking Links service and its manual certificate renewal process. This is being replaced with the Marketo Secured Domains for Tracking Links product which provides all needed certificates and manages renewals automatically. Action Required To secure your email tracking links, contact your Marketo Customer Success Manager to add the Secured Domains for Tracking Links product to your subscription. Once you’ve purchased Secured Domains for Tracking Links for your instance: An automated message will be sent to the Support Admin on your account They will need to respond to the message with the Munchkin ID of the instance needing Tracking Links set up. Responding to this case will auto generate a Support Case for a Marketo technical support engineer to help complete the process. Marketo will then have certificates generated to cover all the domains and subdomains that you’ve set up in your instance. Within 3-business days, we will create a secure server endpoint. Please plan accordingly for this 72-hour turn-around-time. Do I need Secured Domains for Tracking Links? Secured Domains for Tracking Links ensure that tracking links can be served securely for domains which have implemented HSTS (HTTP Strict Transport Security). HSTS is a web server directive which forces all subsequent requests for resources on that domain to be loaded through HTTPS. If you have implemented HSTS at your site on any domain that you are choosing for either your Landing Page CNAME or your branded email tracking links domain, you will need Secured Domains for Tracking Links and/or Secured Domains for Landing Pages. How is the new Secured Domains for Tracking Links Better? With Marketo’s new Secured Domains for Tracking Links product, you no longer have to provide renewal/updated certificates to Marketo. We’ll procure any necessary certificates and manage their renewals automatically – giving you a more secure and convenient solution for securing your links in emails! Do I have to upgrade? An upgrade is required. Marketo no longer supports the legacy Secured Page Services: SSL for Tracking Links certificate renewal process. Will my tracking links automatically convert to HTTPS? You will not see tracking links in your Marketo emails changed to HTTPS (they will remain prefixed HTTP). However, when an end user clicks the link, if HSTS is enabled for the domain in the link being clicked and the browser is aware, the request will be automatically changed to HTTPS by the browser and served securely via HTTPS before re-directing to the destination of the link. This means that no insecure connection occurs because the browser recognizes the HSTS security policy. HSTS preload is required for this to work. If a tracking link top level domain is not on the HSTS preload list, then link clicks will be insecure until the browser becomes aware of the HSTS policy on the target domain by visiting the site. Will my old links in emails continue to work? Links in emails will continue to function normally. Is this article helpful ? YesNo
Issue Description The smart campaign has a last modified date of x, however, it does not have any details of any change on date x in the audit trail. Issue Resolution The smart campaign's last modified date was updated by a campaign change that is currently not recorded in Audit trail (e.g. campaign was aborted). https://docs.marketo.com/display/public/DOCS/Change+Details+in+Audit+Trail#ChangeDetailsinAuditTrail-AssetAuditTrail To confirm, reach out to support by creating a case Is this article helpful ? YesNo
Issue Description You would like to change the displayed name for your Marketo instance. Issue Resolution Admin users for the Marketo instance can navigate to Admin > My Account > Edit Subscription Information and give the instance a friendly name of their choice. Once that is done, the name on the top left corner will change to what was input in Edit Subscription Information. Is this article helpful ? YesNo
Issue Description Will custom settings like Launchpoint integrations, API configurations and SFDC sync settings, remain in place when doing an instance copy, or will they be overwritten? Issue Resolution All permanent configuration settings which can be done to a Marketo instance are reset to the default values or settings in the destination instance. Everything is copied except for the below list: Lead Database and activity history are not copied CRM configuration is reset on the destination instance. Users are not copied. CRM Field Mappings are removed in the destination instance except for standard mappings, and must be set during the Field Mapping Stage of CRM sync initialization. RCA information is not copied. Program subscriptions are not copied. Campaign History is not Copied. CNAMES for Email links and LPs are not copied. All Account-string based properties are modified accordingly. Munchkin ID of the destination instance is preserved. Sales Insight Admin Configuration is Reset. Outlook licenses are not copied. All pre-existing data on the destination instance will be destroyed. Asset IDs for emails, landing pages, and programs will match Launchpoint and API integrations are not copied Any data that may exist on the destination instance prior to the copy process will be destroyed and replaced by the new copy.
Issue Description Is there a limit as to how many domains can be added when adding domains to Marketo Admin > Email > SPF/DKIM Issue Resolution You are able to add as many domains as you wish to the Admin > Email > SPF/DKIM. The basic requirement is that you have control over the domain DNS.
Congratulations on being the Support Admin for your company. It's a very important role for your organization and with the new Marketing Nation, the support admin role is expanding even more. Let's go over some of key things you can do as the Support Admin. You can submit support cases to Marketo Support This is one of your key abilities. Submit cases on behalf of your company to our Marketo Support Team for assistance. Manage your list of authorized contacts You have the ability to add and remove contacts from your list of authorized support contacts. This becomes important if people leave your company or if teams switch out your main Marketo users. If someone needs the ability to contact Marketo Support, you're the one to make that happen for them. Invite people to your account space (NEW) That's right,. You own the guest list to your Account space. You get to invite people from your company to this space. You can remove them from this space and you can also ban them from ever entering this space if you wanted to. This is a newly added feature within the Marketing Nation. Manage your Company Space (NEW) You're not just the Support Admin, you are the admin of this space. Adjust this space as you need it, If there are different types of content widgets or text boxes you want to add to this space, you can do it. This is a space for your company's use and benefit, so do with it as you need it. Our team is on hand to assist you with any questions you have to manage this space. You can contact us by sending an email to email@example.com . Is this article helpful ? YesNo
Question: My campaign seems to be delayed, what is going on? Answer: You may have multiple campaigns running and some of them are queued. You can use the Campaign Queue to get an overview of all running and queued campaigns in your instance of Marketo. Admin rights required. Is this article helpful ? YesNo