Help Center

| Submit or View Help Requests | Developer Docs |

Progress

View desktop instructions
View mobile app instructions
Enable SAML Single Sign-On

Account administrators can enable SAML single sign-on (SSO) [External link] for account users to access your brand's impact.com account through a supported identity provider (IDP), or via a unique sign-in link. Choose a method you prefer.

SAML SSO uses a connection for impact.com with your identity provider. impact.com currently supports the following providers:

  • AD FS

  • Okta

  • OneLogin

  • Microsoft Entra ID

Enable SAML SSO

This feature is only accessible to specific impact.com editions or add-ons. Contact us to upgrade your account and get access!

Warning: If you already have SAML SSO enabled and want to switch providers, you'll need help from our Technical Services team. Before you log a ticket, make sure to save your existing IDP metadata file to your local device and prepare a list of usernames that need to be migrated.

Step 1: Upload IDP metadata file

Before starting, make sure you have your IDP metadata file in .XML format handy — this file needs to be uploaded to impact.com.

  1. From the left navigation menu, select [Menu] [Menu] → Settings.

  2. In the left column, under General, select Account User Authentication.

  3. Next to the Authentication type line item, select [Unchecked box] [Check box] SAML and use the [Down caret] [Drop-down menu] to select your identity provider.

  4. Use the file picker to find and upload your .XML metadata file.

  5. At the bottom of the screen, select Save.

    Screenshot_2024-11-25_at_5_57_17_PM.png
Step 2: Enable SAML SSO for account users

The following instructions need to be completed for each individual user that will use SAML SSO:

  1. From the left navigation menu, select [Menu] [Menu] → Settings.

  2. In the left column, go to General and select Account Users.

  3. Hover your cursor over a user and select [More] [More] → Edit Access Rights

  4. In the User Signup Method section, select SAML.

  5. At the bottom of the slide-out, select Save.

    Screenshot_2024-11-25_at_6_02_44_PM.png
Step 3: Configure user sign-in via SAML SSO

There are 2 ways for users to access impact.com with SAML SSO:

  • Through your identity provider (IDP) — Configure a connection/connector in your IDP and use it to sign users in.

  • Through your brand’s unique login link — For users who do not sign in via the IDP connection.

Option A: Identity provider sign-in
  • OneLogin — In OneLogin, find the Impact Partnership Cloud connection in the OneLogin App Catalog and follow the on-screen instructions to enable and configure the app.

  • ADFS and Okta — Create a new custom connection with these exact values:

    Field

    Value to input

    Single Sign On URL / Reply URL / ACS URL

    https://app.impact.com/saml/SSO

    Recipient URL

    https://app.impact.com/saml/SSO

    Destination URL

    https://app.impact.com/saml/SSO

    Audience Restriction

    https://app.impact.com

    Name ID Format

    EmailAddress

    Response

    Signed

    Assertion Signature

    Signed

    Signature Algorithm

    RSA_SHA1

    Digest Signature

    SHA1

    Assertion Encryption

    Unencrypted

    SAML Single Logout

    Disabled

    AuthnContextClassRef

    PasswordProtectedTransport

  • Microsoft Entra ID — Create a new custom connection with these exact values:

    Field

    Value to input

    Reply URL (Assertion Consumer Service URL)

    https://app.impact.com/saml/SSO

    Reply URL (implicitly)

    https://app.impact.com/saml/SSO

    Identifier (Entity ID)

    https://app.impact.com

    Name identifier format

    EmailAddress

    Response Signing Option (Sign SAML response)

    Signed

    Sign SAML Assertion (option)

    Signed

    Signing Algorithm

    RSA_SHA1

    Digest Algorithm

    SHA1

    Encryption Certificate (optional)

    Unencrypted

    Single Logout URL

    Disabled

    Default AuthnContextClassRef (not exposed directly)

    PasswordProtectedTransport

Warning: The values you enter must match exactly with the values provided above. For example, do not add a trailing slash to the Single Sign On URL / Reply URL / ACS URL field like this: https://app.impact.com/saml/SSO/, and do not enter multiple URL values. Also, ensure the user’s email address in your IDP matches exactly with the email address for the user in impact.com.

Option B: Branded link sign-in

If a user is not signing in via your IDP, they can use a unique branded login link to access your impact.com account. To get this login link:

  1. From the left navigation menu, select [Menu] [Menu] → Settings.

  2. In the left column, under Branding, select Advertiser Login Branding.

    • Your branded link will look similar to this: https://app.impact.com/abe/Stark-Industries12345678912345/login.user?preview=t

  3. From the Login Link field, copy and save the Login Link to distribute to your impact.com account members.

Important: The only thing this branded login link is used for is letting users sign in directly to impact.com when they’re not using your IDP. Do not enter this link in your IDP’s Single Sign-On URL / Reply URL / ACS URL field.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.