Enable SAML Single Sign-on

Published on: Tue, 18 Apr, 2023 at 3:06 AM | Updated on: Fri, 14 Jul, 2023 at 1:25 AM

Enable SAML Single Sign-On

This feature is only accessible to specific impact.com editions or add-ons. Contact us to upgrade your account and get access!

Account administrators can enable single sign-on (SSO) for account users to access your brand's impact.com account through a supported identity provider (IDP), or via a unique sign-in link. Choose a method you prefer.

SAML single sign-on uses a connection (or connector) for impact.com with your identity provider. impact.com currently supports the following providers:

ADFS
Okta
OneLogin
Azure AD

Step 1: Upload IDP metadata file

Tip

Before beginning, make sure you have your IDP metadata file in .XML format handy — this file needs to be uploaded to impact.com.

From the left navigation menu, select [Menu] → Settings.
In the left column, go to General and select Account User Authentication.
Next to the Authentication type line item, use the drop-down menu to select your identity provider.
Use the file browser to find and upload your .XML metadata file.
At the bottom of the screen, select Save.

Step 2: Enable SAML single sign-on for account users

Tip

Each account user that will use SAML SSO must be configured individually.

From the left navigation menu, select [Menu] → Settings.
In the left column, go to General and select Account Users.
Hover your mouse cursor over a user and select [More] → Edit Access Rights
Find the Authentication Method line item and select SAML.
Note
For IDP (OneLogin, ADFS, Okta, and Azure AD) configurations, the user’s email address in impact.com must exactly match the email address for the user in your IDP configuration — mismatched email addresses do not work.
At the bottom of the screen, select Submit.

Step 3: Sign in via SSO

There are two ways to access impact.com via an SSO connection — via the identity provider's connection/connector, or by accessing a unique login link to your brand's impact.com account.

Configure a connection within your identity provider, then use that connection to sign in to impact.com.

OneLogin

In the OneLogin platform, find the Impact Partnership Cloud connection with the OneLogin App Catalog. Follow the onscreen instructions with the app to enable and configure this connection.

ADFS, Okta, and Azure AD

Create a new custom connection with the following settings:

Single Sign On URL	https://app.impact.com/saml/SSO
Recipient URL	https://app.impact.com/saml/SSO
Destination URL	https://app.impact.com/saml/SSO
Audience Restriction	https://app.impact.com
Name ID Format	EmailAddress
Response	Signed
Assertion Signature	Signed
Signature Algorithm	RSA_SHA1
Digest Signature	SHA1
Assertion Encryption	Unencrypted
SAML Single Logout	Disabled
AuthnContextClassRef	PasswordProtectedTransport

If you're not using the specific connection via your identity provider, you can use your brand's login link for SSO into the platform.

From the left navigation menu, select [Menu] → Settings.
In the left column, go to General and select Advertiser Login Branding.
Next to Login Link, copy & save the login link to distribute to your impact.com account members.

Note

All members not using SSO via your IDP must sign in to your brand's impact.com account via this link — the standard sign-in page does not support SAML.

Enable SAML Single Sign-On

Related Articles