Deprecated - Single Sign-on Setup
Warning: The options to set up single sign-on (SSO) have changed. Blackbaud has a new SSO authentication service to enhance security and stability, and organizations that use SSO will now see a New single sign-on tab on the Authentication settings page in Security where they must set up new SSO connections by Oct. 31. This guidance will remain in place for existing connections until the Oct. 31 deadline but will be removed entirely after that. For the new guidance, see Single Sign-on Setup.
In Security, organization admins can enable single sign-on (SSO) to require users to sign in to Blackbaud solutions through their organization's identity provider (IdP) instead of Blackbaud's secure authentication service or social sign-ins. Blackbaud ID supports SSO through:
-
Microsoft Azure Active Directory (AD)
-
Security Assertion Markup Language (SAML) 2.0 IdPs, such as Google Workspace, OneLogin, Shibboleth, or Central Authentication Service (CAS)
-
Microsoft Active Directory Federated Services (ADFS)
-
Okta
-
Google Workspace
Tip: For SSO through Microsoft Active Directory network credentials, set up a connection with Azure AD, ADFS, or a SAML 2.0 IdP that support Active Directory.
With SSO enabled:
-
Your users' Blackbaud IDs redirect to your IdP, where they sign in to Blackbaud solutions with the same credentials as other authorized applications.
-
Information technology admins manage and support your organization's authentication needs — such as password requirements and lockouts — through your IdP.
Tip: To have someone else set up SSO, or to configure these settings with a different Blackbaud ID, select Invite another admin to configure and add a new organization admin.
To set up SSO, select the connection that your IdP requires on the Authentication settings page in Security.
-
For Microsoft Azure Active Directory, select Use Azure AD. For more information, see Azure AD Setup.
-
For Security Assertion Markup Language (SAML) 2.0, select Use SAML 2.0. For more information, see Deprecated - SAML 2.0 Setup.
For information about specific SAML IdPs, see:
-
For Microsoft Active Directory Federated Services, select Use ADFS. For more information, see Deprecated - ADFS Setup.
-
For Okta, select Use Okta. For more information, see Deprecated - Okta Setup.
-
For Google Workspace, select Use Google Workspace. For more information, see Deprecated - Google Workspace Setup.
Warning: To help prevent an inadvertent lockout, ensure that you have a Blackbaud ID outside of your claimed domains with access to the Authentication settings page.
As you set up your SSO connection, you can clear your settings and start over at any time, such as to troubleshoot issues. To erase your settings, select Erase all single sign-on settings under Single sign-on, and then select Erase SSO settings.
When you erase your SSO settings, you retain any verified email domains.
After you enable SSO, select Learn about disconnecting SSO to first turn off the connection to your IdP. For more information, see Single Sign-on Connection.