Skip to main content

Preserve Attribution Through External Login or SSO Flows

Many products use an external authentication domain for signup or login — an identity provider, an SSO service, or a shared accounts domain owned by the parent company.

A typical journey looks like this:

www.yourproduct.com          → user discovers your site (SEO, Paid, Direct…)
accounts.yourcompany.com     → user signs up or logs in (external auth domain)
app.yourproduct.com          → user lands in the app and converts

Without configuration, the conversion in app.yourproduct.com may be attributed to Referral (accounts.yourcompany.com) instead of the real acquisition source.

This guide explains why this happens and how to fix it.

Why the Source Becomes "Referral"

SealMetrics counts a new entrance when the referrer is empty or comes from a domain different from your own.

  • www.yourproduct.comapp.yourproduct.com is cross-subdomain navigation of the same root domain. It is treated as internal navigation — session and attribution are preserved. See Referral vs Direct Traffic.
  • accounts.yourcompany.comapp.yourproduct.com is a cross-domain jump. The auth domain becomes the referrer, SealMetrics detects a new entrance, and the original source (SEO, Paid, Email…) is overwritten by Referral.

The problem is never the subdomain change — it is the external domain in the middle of the journey.

The Fix: Referral Exclusion List

Add the external authentication domain to your Referral Exclusion List:

  1. Open the settings menu in the top toolbar and click Accounts
  2. In the accounts table, click the POS Referral Bypass action in your account's row
  3. On the Referral Exclusion List screen, enter the auth domain (e.g. yourcompany.com or accounts.yourcompany.com) in the Domain field
  4. Use Add referral to add more domains if needed
  5. Click Update to save

Once excluded, SealMetrics ignores that domain as a referrer. When the user returns from the auth flow, the original session source remains active, and the conversion inherits the real acquisition channel.

This is the same mechanism used to avoid conversions attributed to payment gateways.

Checklist for Multi-Subdomain Setups

To attribute conversions correctly when acquisition happens on your public website and conversion happens in your app:

  1. Same Account ID everywhere — install the same SealMetrics pixel on the public site (www.) and the app (app.). See the SaaS implementation guide.
  2. Exclude external auth domains — add every third-party domain in the journey (SSO, identity provider, payment gateway) to the Referral Exclusion List.
  3. Differentiate areas with content grouping — use group=marketing, group=app, etc., to keep reports readable. See Content Grouping.
  4. Track signup as a conversion — fire the conversion on the post-signup page (e.g. email verification completed) so it inherits the session source.

Timing Considerations

  • 2-hour session window — the origin of the visit stays active for 2 hours, which covers virtually all signup flows, including email verification steps. See Attribution Accuracy.
  • 6+ hour gaps — if the user completes signup more than 6 hours later (e.g. opens the verification email the next day), the visit is classified as Rejoined Traffic instead of inflating Direct.

Result

With the auth domain excluded and the same pixel across all subdomains:

✔ The session started on the public website keeps its original source ✔ The signup conversion in the app is attributed to SEO, Paid, Direct… — the real acquisition channel ❌ No more conversions miscategorized as Referral from your own auth domain

Last updated on