Help Center

| Submit or View Help Requests | Developer Docs |
| |

Enable SAML Single Sign-on

Enable SAML Single Sign-On

This feature is only accessible to specific editions or add-ons. Contact us to upgrade your account and get access!

Account administrators can enable single sign-on (SSO) for account users to access your brand's account through a supported identity provider (IDP), or via a unique sign-in link. Choose a method you prefer.

SAML single sign-on uses a connection (or connector) for with your identity provider. currently supports the following providers:

  • ADFS

  • Okta

  • OneLogin

  • Azure AD

Step 1: Upload IDP metadata file


Before beginning, make sure you have your IDP metadata file in .XML format handy — this file needs to be uploaded to

  1. From the left navigation menu, select ellipsis-v-solid.svg [Menu] → Settings.

  2. In the left column, go to General and select Account User Authentication.

  3. Next to the Authentication type line item, use the caret-down-solid.svg drop-down menu to select your identity provider.

  4. Use the file browser to find and upload your .XML metadata file.

  5. At the bottom of the screen, select Save.

Step 2: Enable SAML single sign-on for account users


Each account user that will use SAML SSO must be configured individually.

  1. From the left navigation menu, select ellipsis-v-solid.svg [Menu] → Settings.

  2. In the left column, go to General and select Account Users.

  3. Hover your mouse cursor over a user and select ellipsis-h-solid__1_.svg [More] → Edit Access Rights

  4. Find the Authentication Method line item and select SAML.



    For IDP (OneLogin, ADFS, Okta, and Azure AD) configurations, the user’s email address in must exactly match the email address for the user in your IDP configuration — mismatched email addresses do not work.

  5. At the bottom of the screen, select Submit.

Step 3: Sign in via SSO

There are two ways to access via an SSO connection — via the identity provider's connection/connector, or by accessing a unique login link to your brand's account.

Configure a connection within your identity provider, then use that connection to sign in to


In the OneLogin platform, find the Impact Partnership Cloud connection with the OneLogin App Catalog. Follow the onscreen instructions with the app to enable and configure this connection.

ADFS, Okta, and Azure AD

Create a new custom connection with the following settings:

Single Sign On URL

Recipient URL

Destination URL

Audience Restriction

Name ID Format




Assertion Signature


Signature Algorithm


Digest Signature


Assertion Encryption


SAML Single Logout




Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.