Enabling single sign on (SSO) allows your users who have logged in to your identity platform to access LiveRamp applications without having to re-enter any credentials. Likewise, removing a user from your identity provider prevents them from logging in to any LiveRamp applications.

Configure Your Identity Provider

To enable LiveRamp SSO, perform the following steps:

  1. Configure a SAML 2.0 app
  2. Use the app to send SSO information to your LiveRamp representative
  3. Use the information provided by your LiveRamp representative to complete the configuration

Configure a SAML 2.0 App

Configure a new SAML 2.0 application in your identity provider, with the following additional guidelines:

  • You can use dummy values for the “ACS url” (a.k.a “SSO url”) field and for the “Audience url” field.

After you send the SSO information to LiveRamp, your LiveRamp representative will provide you with the correct values for those fields.

  • Include a “NameID” in the app’s SAML assertions. This “NameID” might look like the following: 

<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">userName</saml2:NameID>

  • Include these three required SAML attributes (lowercase):
  • “firstname”
  • “lastname”
  • “email”

The required attributes in your SAML assertion should look similar to the following:

Send SSO Information to Your LiveRamp Representative

Once your app is created, submit the Identity Provider Set-up Form: https://docs.google.com/forms/d/1fjgzgwKtjUdfzg1yXSY92xSqg0qYTNV__R5RqFoecww/edit 

Your LiveRamp representative will reply with the URL to use to replace the dummy values in the “ACS url” and “Audience url” fields.

Finish the Configuration

Once your LiveRamp representative has provided the URL to use in the “ACS url” and “Audience url” fields, go back into your app and replace the dummy values with the new URLs.

Once you enter the new URLs into your app, the configuration is complete. See the “Log In To LiveRamp Applications” section to begin using LiveRamp applications.

Log In To LiveRamp Applications 

After you’ve finished configuring your identity provider, you can start logging into LiveRamp applications immediately. You can log in directly from your identity provider or from the LiveRamp application itself.

Log In From your Identity Provider

If your identity provider allows for IdP-initiated flows, you can log into LiveRamp applications directly:

  1. Initiate a login from your identity provider.
  2. You will now be authenticated with the LiveRamp application.

Log In From a LiveRamp Application

The following instructions will use Connect as an example application.

1. Navigate to your LiveRamp application (in this case, https://connect.liveramp.com).

2. From the login popup that appears, click “Log in with identity provider”.

3. Enter the unique company identifier that your LiveRamp representative sent to you while completing the configuration process, and then click Log In.

4. Enter your email address and then click Next.

if you are not already logged in to your identity provider,you’ll be directed to your identity provider. Log in with your identity provider credentials.

After logging into your identity provider, you will be directed back to Connect.

Assign Users to Connect

All users from your identity provider will be able to log in to Connect. However, they cannot view your customer information until they are granted permission. Only admins can assign new users to a customer. 

If you are an admin-level user, see “Add Users to Your Company Account” for instructions.

Your feedback is vital to improve our help content.

Updated 7/7/20.