1 Reply Latest reply on Mar 8, 2018 4:12 AM by Michael Obermaier

    Security questions about ACM-CRM connection

    gabor.horvath Novice



      I have received the following questions from our CRM customer regarding the introducing ACM in context of Aurea Enterprise Edition:

      1. How does the communication between CRM and ACM works?

      My understanding is, that the communication from CRM to ACM (and also from ACM to CRM) is always initiated by the local CRM.Server. But how does the data transfer go? Are there Webservices from ACM Middleware that CRM.Server consumes? Does the communication run over HTTPS?

      2. For running the campaign in ACM there must users created in ACM. Is there a limitation for the number of users regarding EE? Are there up to 5 users for free?

      3. The users for ACM must be created in ACM (I have already found to documentation about this). Are there any password security rules available in ACM? E.g. regarding the length, complexity of the password, validity of the password (90 days), etc.

      4. If a E-Mail campaign is finished in CRM, is there a way to trigger the removal of customer data for this campaign from ACM?


      If you have any documentation describing those themes, please give a hint - I was not able to find this in the support portal...




        • Re: Security questions about ACM-CRM connection
          Michael Obermaier Novice

          Hi Gabor,


          thank you for your questions - please see below our answers.


          #1 There are a couple of API calls initiated directly from CRM.web (e.g. create a list, its attributes, a message, or a segment. Query attributes to map CRM fields). There are API calls that are done by the CRM.server, such as creating members (aka transferring the CRM target group to Campaign Manager). And, there are messages that CRM.server receives from the so called Sync.Middleware that is polling Campaign Manager for state changes (sent messages, opens, clicks, unsubscribes, etc.)

          Communication is done via SSL.


          #2 There is no limitation of users in Campaign Manager.


          #3  Password Syntax Rules

          Strong passwords are required – 8 characters or more, and contain a combination of 3 or more of the following:

          • Upper case letters

          • Lower case letters

          • Numbers

          • Symbols


          Password Expiration and History

          Passwords expire and must be changed every 90 days. The last 5 passwords are tracked and not allowed for re-use. Accounts are deactivated after 30 days of inactivity.


          #4 There is no standard functionality. But, you could customize a button / trigger (program call) that would call the API and e.g. delete the list (including all messages, members, and interactions)


          Kind regards