Help Center

| Submit or View Help Requests | Developer Docs |

View desktop instructions
View mobile app instructions
Enable SAML Single Sign-On

Account administrators can enable single sign-on (SSO) for account users to access your brand's impact.com account through a supported identity provider (IDP), or via a unique sign-in link. Choose a method you prefer.

SAML single sign-on uses a connection (or connector) for impact.com with your identity provider. impact.com currently supports the following providers:

  • ADFS

  • Okta

  • OneLogin

  • Microsoft Entra ID

Enable SAML Single Sign-On

This feature is only accessible to specific impact.com editions or add-ons. Contact us to upgrade your account and get access!
Step 1: Upload IDP metadata file

Before beginning, make sure you have your IDP metadata file in .XML format handy — this file needs to be uploaded to impact.com.

  1. From the left navigation menu, select ellipsis-v-solid.svg [Menu] → Settings.

  2. In the left column, under General, select Account User Authentication.

  3. Next to the Authentication type line item, use the caret-down-solid.svg drop-down menu to select your identity provider.

  4. Use the file picker to find and upload your .XML metadata file.

  5. At the bottom of the screen, select Save.

    63d3b435d1f31.png
Step 2: Enable SAML single sign-on for account users

The following instructions need to be completed for each individual user that will user SAML SSO:

  1. From the left navigation menu, select ellipsis-v-solid.svg [Menu] → Settings.

  2. In the left column, go to General and select Account Users.

  3. Hover your mouse cursor over a user and select ellipsis-h-solid__1_.svg [More] → Edit Access Rights

  4. Find the Authentication Method line item and select SAML.

  5. At the bottom of the screen, select Submit.

Step 3: User sign in via SSO

There are two ways to access impact.com via an SSO connection — via the identity provider's connection/connector, or with a unique login link to your brand's impact.com account.

Configure a connection with your identity provider, then use that connection to sign in to impact.com.

Important: For IDP (OneLogin, ADFS, Okta, and Microsoft Entra ID) configurations, the user’s email address in impact.com must exactly match the email address for the user in your IDP configuration — mismatched email addresses do not work.

OneLogin

In the OneLogin platform, find the Impact Partnership Cloud connection with the OneLogin App Catalog. Follow the onscreen instructions with the app to enable and configure this connection.

ADFS, Okta, and Microsoft Entra ID

Create a new custom connection with the following settings:

Single Sign On URL

https://app.impact.com/saml/SSO

Recipient URL

https://app.impact.com/saml/SSO

Destination URL

https://app.impact.com/saml/SSO

Audience Restriction

https://app.impact.com

Name ID Format

EmailAddress

Response

Signed

Assertion Signature

Signed

Signature Algorithm

RSA_SHA1

Digest Signature

SHA1

Assertion Encryption

Unencrypted

SAML Single Logout

Disabled

AuthnContextClassRef

PasswordProtectedTransport

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.