# Set Up SSO for an impact.com Microsite via JWT

Your Advocate program's microsite typically requires your customer advocates to sign up with a username and password before they can access their share links and reward details. However, as an advanced alternative, you can instead authenticate users by generating a [JSON Web Token (JWT)](https://en.wikipedia.org/wiki/JSON_Web_Token) server-side and passing it to the microsite via a URL parameter.

Using this method, participants will not have login credentials for the microsite. Instead, they gain access by logging into your existing customer portal, which then redirects them to the microsite using the JWT to identify them and display their personalized content.

#### Before you begin

{% hint style="warning" %}
**Important:** This is an advanced implementation that bypasses the standard Managed Identity Service for the microsite and requires support from your developer team to set up.
{% endhint %}

You should only use this method if all of the following apply:

* You want to simulate a single sign-on (SSO) experience by automatically logging participants into your program's microsite.
* You can generate JWTs server-side.
* You can't or don't want to install the [Universal Tracking Tag (UTT)](https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/tracking/javascript-tag-tracking/tracking-with-universal-tracking-tag-utt) onto your site.

{% stepper %}
{% step %}

### Step 1: Create a microsite without managed identity

When you create your microsite, you'll need to turn off the Managed Identity Service, then set all your pages to be accessible to "unverified" users. The *Dashboard* page will use the JWT to authenticate the user and load the microsite.

<details>

<summary>Create the microsite</summary>

First, adjust the settings to turn off the *Participant Login* option.

1. From the left navigation menu, select ![](https://4048883401-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwMLlMoFBtKJa8ptd3zaw%2Fuploads%2Fh35M3mMIl7XP42pqh7Ls%2Fimage.png?alt=media\&token=bf6b6ba2-295c-4cdb-8c77-f171416c13e1) **\[Engage]** **→ Content**.
2. On the *Microsite* card, select **Edit Settings**.
3. You'll then be redirected to your new *Microsite Settings* page.
4. Within the *Login* section, ![](https://4048883401-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwMLlMoFBtKJa8ptd3zaw%2Fuploads%2Fgit-blob-2c3a3c392d640f7b79d44c16f21c2c4f0ec3dcca%2F80381ca112cfb2757e97b8669cc0b5c98c8ce8d60ed9e3048b4a86a52e76719f.svg?alt=media) **\[Toggle off]** **Participant Login**.
5. Select **Save Settings**.

</details>

<details>

<summary>Configure the Dashboard page</summary>

Next, configure your microsite's *Dashboard* page to be visible to unverified users. Then, connect the components on the page with your referral program so the right information appears.

1. Adjust your site's *Dashboard* page settings.
   * From the left navigation menu, select ![](https://4048883401-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwMLlMoFBtKJa8ptd3zaw%2Fuploads%2F8AYI7cAhXQWYRoQlKHte%2Fimage.png?alt=media\&token=d2b5a01e-c7b4-4a71-a6a0-0cea5a4b7ac4) **\[Engage]** **→ Content** → **Setup Content** or **Edit Content**.
   * From the *Microsite* tab, select **Dashboard** in the *Logged In Layout* section.
   * Select ![](https://4048883401-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwMLlMoFBtKJa8ptd3zaw%2Fuploads%2Fgit-blob-c746d936c908b9090325464502f7c10acda0e993%2F2a92939e8e78dd7e0c0416b1a250d5ef1d7ab0dec966fb5ed320ca62acfc06c5.svg?alt=media) **\[Menu] → Settings**.
   * From the *Allowed users* drop-down list, select **Unverified**.
2. Add your program ID to the components on the *Dashboard*.
   * User Stats — You must add the ID to each individual user stat you choose to display.
   * Share Link
   * Referral code
   * Social media buttons — You must add the ID to each individual social media share button you choose to include.
3. At the top-right corner, select **Save**.

   <div data-with-frame="true"><figure><img src="https://4048883401-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwMLlMoFBtKJa8ptd3zaw%2Fuploads%2Fgit-blob-7314ab2d13689a218d7b2ab0ff0ae784aecc169d%2Fe489a23c2242c41439531bebcaa74a7caac8de79b22b4e423c11194933156962.jpg?alt=media" alt=""><figcaption></figcaption></figure></div>

For help with using the editor to find and adjust your page and component settings, refer to [Microsite Editor Explained](https://help.impact.com/brand/what-would-you-like-to-learn-about/advocate-program/manage-advocate-participant-experiences/microsite-experiences/microsite-editor-explained) and [Customize Microsite Layouts & Pages](https://help.impact.com/brand/what-would-you-like-to-learn-about/advocate-program/manage-advocate-participant-experiences/microsite-experiences/customize-microsite-layouts-and-pages).

</details>

<details>

<summary>Remove unnecessary pages</summary>

Remove the layout and pages that your microsite won't use.

1. Hover your cursor over the page or layout.
2. Select ![](https://4048883401-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwMLlMoFBtKJa8ptd3zaw%2Fuploads%2Fgit-blob-8ec3e877b1397045c61d394485e72ac4d93120ee%2Fc6ddb46c637059f06e86c790a911217a9428f5c47b5efef046f90555e85b03cd.svg?alt=media) **\[More]** **→ Delete**.
3. Remove the *Logged In Layout*.
4. Remove the following pages:
   * Edit Profile
   * Email Verification
   * Forgot Password
   * Login
   * Logout
   * Register
   * Reset Password
   * Verify Email

</details>
{% endstep %}

{% step %}

### Step 2: Generate the JWT

The JWT structure follows standard Advocate requirements for user authentication. If you've integrated Advocate before, you're likely already generating similar tokens for UTT.

You must generate the JWT securely on your server or any trusted backend system—never in the browser.

Learn how to [generate a JWT and the payload requirements](https://integrations.impact.com/impact-brand/docs/json-web-tokens).
{% endstep %}

{% step %}

### Step 3: Append the JWT to the microsite URL

Once the user is logged into your platform, redirect them to the microsite with the JWT included in the URL query string.

{% hint style="info" %}
**Example:** `https://your-microsite.squatch.app/?jwt=<YOUR_GENERATED_JWT>`
{% endhint %}

You can either open the microsite in a new browser tab, or embed the microsite in your app using an iframe. If you decide to embed the microsite, make sure you handle [cross-origin resource sharing (CORS)](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) and browser restrictions appropriately.
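
An added example covering Steps 2 and 3 (not impact.com's own code): it signs a short-lived token on the server and URL-encodes it into the redirect. HS256 with a shared secret, the `user.id` and `user.accountId` payload fields, and the five-minute lifetime are assumptions; take the real signing key and payload from the linked requirements.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional
from urllib.parse import urlencode

MICROSITE_URL = "https://your-microsite.squatch.app/"  # placeholder host from the page's example
TOKEN_TTL_SECONDS = 300  # assumption: keep it short, since URLs land in history and logs


def b64url(raw: bytes) -> str:
    """Base64url without padding, as the compact JWT encoding requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def sign_jwt(claims: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT: b64url(header).b64url(payload).b64url(HMAC)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"


def microsite_redirect_url(
    user_id: str, account_id: str, secret: bytes, now: Optional[int] = None
) -> str:
    """Return the redirect target for a user your portal has already authenticated."""
    issued = int(time.time()) if now is None else now
    claims = {
        # Assumed payload shape; use the fields from the linked payload requirements.
        "user": {"id": user_id, "accountId": account_id},
        "iat": issued,
        "exp": issued + TOKEN_TTL_SECONDS,
    }
    # urlencode escapes the token so it survives as a single query parameter.
    return MICROSITE_URL + "?" + urlencode({"jwt": sign_jwt(claims, secret)})


if __name__ == "__main__":
    # Constructed sample values; load the real secret from server-side configuration.
    print(microsite_redirect_url("u-123", "a-123", b"constructed-demo-secret", now=1700000000))
```

Call `microsite_redirect_url` only from the handler that runs after your portal's own login check, and issue the HTTP redirect from the server so the signing secret never reaches the browser.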
{% endstep %}
{% endstepper %}

#### Notes

* If you use this authentication method, users won't have login credentials for the microsite.
* JWT-based access must be tightly controlled. Don't expose or manipulate the JWT in client-side JavaScript.
* This is a non-standard approach — test it thoroughly in your staging environment before rolling out your program.
* If you need [support](mailto:saasquatch-support@impact.com), include your microsite URL, implementation details, and a sample JWT payload in your support request.
