Persado supports single sign-on (SSO) through Security Assertion Markup Language (SAML). Setting up SSO:
✅ Allows you to control user permissions without needing to engage Persado.
✅ Enables user accounts with Persado to be created automatically with standard configuration.
✅Eliminates the need for an additional Persado username and password. With SSO, we’ll integrate with your identity provider so you can securely access multiple platforms using a single login.
Typical SSO Process
Detailed SSO Workflow
Persado currently supports SSO through SAML. We use Okta to serve as an intermediate between Persado Portal and an external identity provider. The full flow can be summarized as:
Persado Portal Sign-in Page → Sends Service-Provider (SP) authentication request to Customer via Okta → User sign-in via SAML to Okta → Okta forwards the successful authentication to Persado Portal
Step 1: Information Passed to Establish SSO (Share Metadata)
For the SAML connection, we need:
IdP information. You can provide us with the following or also share via metadata xml file:
IdP Issuer URI/Entity ID
IdP Single Sign-On URL
IdP Signature Certificate
The same attributes as below to support Just-in-Time (JIT) provisioning and updates: firstName, lastName, email
With the above we will send back the assertion consumer service URL and audience URI, or provide a copy of Persado’s metadata XML.
A list of all email domains that may need access to Persado Portal (for instance, if different markets have different email domains).
Once we have the above information, we’ll get the process rolling with our engineering team!
Step 2: SSO Configuration
Portal Configuration Options
There are 2 different options for configuring users in your Portal account:
Option 1: All users are automatically granted access to all “child accounts” (i.e., separate accounts underneath your brand) within Portal. All user roles automatically set to Admin.
Option 2: Each user is granted access to specific child accounts within Portal. User roles may be assigned as either Admin or Regular. This can be configured for each new user by either…
Recommended: Your team. You create a list of users and their respective account and role access in advance. Every time the user logs into Portal via SSO, the desired account and role access is set based on this list. See below for more information on admin vs. regular users.
The Persado team. Note that each time you wish to add a new user, you will need to manually request this from Persado via email and include necessary details.
Types of Portal Permissions
You can reference the permissions matrix below if you are unsure of how a user should be added.
By default, all of Persado’s customer’s users that attempt to login via SSO will have ‘portal_role_admin’ access. If a customer prefers to manage individualized roles and permissions, Persado can implement this capability.
| portal_role_admin *The majority of Portal users have this role | portal_role_regular |
Best for: | Users that need to submit and approve content requests from Persado | Users that only need to review content |
Can submit and edit campaign requests | X |
|
Can approve Variants | X |
|
Can comment and provide feedback on Variants | X | X |
Additional details:
If a Portal user is assigned to only one account, they will only be able to perform the above actions on that account
A user can be assigned to multiple accounts
If a user is assigned to multiple accounts, they will automatically get access to the parent account.
Step 3: Launch
Prior to launch, please align with your Persado Customer Success representative on launch timing and communication with all users to ensure a smooth transition.
Conclusion
To configure Persado's Portal with SSO, reach out to your Customer Success representative!