Account administrators can enable single sign-on (SSO) for account users to access your brand's impact.com account through a supported identity provider (IDP), or via a unique sign-in link. Choose a method you prefer.
SAML single sign-on uses a connection (or connector) for impact.com with your identity provider. impact.com currently supports the following providers:
Enable SAML Single Sign-On
This feature is only accessible to specific impact.com editions or add-ons. Contact us to upgrade your account and get access!Before beginning, make sure you have your IDP metadata file in .XML format handy — this file needs to be uploaded to impact.com.
From the left navigation menu, select
![[Menu]](https://paligoapp-cdn-eu1.s3.eu-west-1.amazonaws.com/impact/attachments/f01cdffa431a4d75ff09c130b66974d4-d3b5cc4952c19da1607fade39f63066b.svg)
[Menu] → Settings.In the left column, under General, select Account User Authentication.
Next to the Authentication type line item, select
![[Unchecked box]](https://paligoapp-cdn-eu1.s3.eu-west-1.amazonaws.com/impact/attachments/f01cdffa431a4d75ff09c130b66974d4-396370c2cdec89ba7d714c4c58e6845b.svg)
[Check box] SAML and use the ![[Down caret]](https://paligoapp-cdn-eu1.s3.eu-west-1.amazonaws.com/impact/attachments/f01cdffa431a4d75ff09c130b66974d4-04104f37d937fdbf4c5d4ba7bea752a8.svg)
[Drop-down menu] to select your identity provider.Use the file picker to find and upload your .XML metadata file.
At the bottom of the screen, select Save.
The following instructions need to be completed for each individual user that will use SAML SSO:
From the left navigation menu, select
[Menu] → Settings.In the left column, go to General and select Account Users.
Hover your cursor over a user and select
![[Menu]](https://paligoapp-cdn-eu1.s3.eu-west-1.amazonaws.com/impact/attachments/f01cdffa431a4d75ff09c130b66974d4-e177a55169a53da65352a87e441df82e.svg)
[More] → Edit Access RightsIn the User Signup Method section, select SAML.
At the bottom of the slide-out, select Save.
There are two ways to access impact.com via an SSO connection — via the identity provider's connection/connector, or with a unique login link to your brand's impact.com account.
Configure a connection with your identity provider, then use that connection to sign in to impact.com.
OneLogin
In the OneLogin platform, find the Impact Partnership Cloud connection with the OneLogin App Catalog. Follow the onscreen instructions with the app to enable and configure this connection.
ADFS, Okta, & Microsoft Entra ID
Create a new custom connection with the following settings:
Single Sign On URL | https://app.impact.com/saml/SSO |
Recipient URL | https://app.impact.com/saml/SSO |
Destination URL | https://app.impact.com/saml/SSO |
Audience Restriction | https://app.impact.com |
Name ID Format | EmailAddress |
Response | Signed |
Assertion Signature | Signed |
Signature Algorithm | RSA_SHA1 |
Digest Signature | SHA1 |
Assertion Encryption | Unencrypted |
SAML Single Logout | Disabled |
AuthnContextClassRef | PasswordProtectedTransport |
If the user is not using the specific connection via their identity provider, they can use your brand's login link for SSO into the platform. Follow these steps to get the login link:
From the left navigation menu, select
[Menu] → Settings.In the left column, under Branding, select Advertiser Login Branding.
From the Login Link field, copy & save the Login Link to distribute to your impact.com account members.