Configure Single Sign-On

There are many reasons why your company may want to use your in-house identity provider (IDP) to authenticate users in the Monetate platform, most of which focus on security initiatives:

  • It allows for different permission levels internally outside of what Monetate already offers.
  • You can verify users in any kind of security audit and verify that only verified users are using the platform.
  • Once you sign in, you're signed in to everything. You only need to remember one password.

With single sign-on (SSO), you can bring your own IDP and, with some configuration, use client-initiated SSO. Monetate currently doesn't support a Log in with Google option.

Monetate SSO currently only supports the Security Assertion Markup Language (SAML) 2.0 specification. Validate that your IDP supports SAML 2.0.

Monetate doesn't offer a sandbox environment. Contact your account manager about setting up a staging account for testing purposes.

SSO works for all accounts under your retailer.

Setting Up SSO

Follow these steps to set up SSO for the Monetate platform.

  1. Click the settings cog icon in the top navigation bar, and then select Integration.

    Callout of the Integration option in the settings menu

  2. Click the SSO tab.

    Callout of the SSO tab on the Integration page

  3. Input the information that appears in the Monetate SSO Settings section into your IDP system.

    Callout of the Monetate SSO Settings section of the SSO tab

  4. Click INSTALL SSO.

    Callout of the INSTALL SSO button on the SSO tab of the Integration page

  5. Input the necessary information in the Install SSO modal.

    The 'Install SSO' modal

  6. Click INSTALL.

    Callout of the INSTALL button on the Install SSO modal

Monetate SSO Settings

The following information appears in the Monetate SSO Settings section of the SSO tab.

Item Example
Single Sign-On URL
Metadata URL
Relay State [account shortname]
Name ID Format EmailAddress
Required Attributes
  • urn:oid:0.9.2342.19200300.100.1.3 (should send email)
  • urn:oid:0.9.2342.19200300.100.1.1 (should send email)

IDP Settings

You must input into the Install SSO modal certain information from your SSO provider. Your IT team should be able to provide you with this information.

Item Description Example
Entity ID The ID for your IDP
Location (URL) The URL for your IDP
509 Certificate The certification for the IDP used to verify a request for authorization A random string of letters and numbers

Alternatively, you can also provide the metadata file from your SSO provider.