Deprecated - ADFS Metadata

Warning: The options to set up single sign-on (SSO) have changed. Organizations that use SSO will now see a New single sign-on tab on the Authentication settings page in Security and must set up new SSO connections by Oct. 31. This archived guidance for the now-obsolete configuration process will remain available to manage existing connections until the Oct. 31 deadline and will then be removed. For updated guidance to create or migrate SSO connections, see Single Sign-on Setup.

To enable single sign-on (SSO) with your Active Directory Federation Services (ADFS) connection, you provide your organization's name and the URL to log in through your identity provider. When you set up your connection, you can manually enter the ADFS URL or upload it as metadata. We recommend manually entering the URL so that you automatically pull your ADFS certificate through it. If you followed this recommendation, ADFS metadata updates automatically when you update your ADFS certificate and you do not need the instructions on this page.

However, if you chose to upload your ADFS metadata, you must update it manually whenever your ADFS certificate expires. For security, any uploaded metadata expires periodically, and to retain your SSO connection, you must upload the metadata when it expires.

Warning: To help prevent an accidental lockout as you manage your organization's ADFS metadata, sign in with a Blackbaud ID outside of your claimed domains with access to Authentication.

  1. Download the metadata file from your ADFS connection.

    Tip: You can access your metadata file on your server, such as at https://youradfs.domain.com/FederationMetadata/2007-06/FederationMetadata.xml.

  2. In Security, select Authentication and then select Manage SSO settings.

  3. Under Single sign-on, select Upload new metadata.

  4. Select Choose file, then browse to and select the new extensible markup language (XML) file for your ADFS connection.

  5. Select Save.