Single Sign-on (SSO)

On the Authentication settings page, organization admins can enable and manage a single sign-on (SSO) connection that lets users sign in through the organization's identity provider (IdP). If you don't set up SSO, users sign in through Blackbaud's secure authentication service or through a social sign-in, such as Apple ID, Facebook, Google, or Microsoft.

To enable SSO from the Authentication settings page, you select Manage SSO settings under Single sign-on and then select your connection method. After you turn on SSO, you select Manage SSO settings to access the Single sign-on page where you manage your SSO connection.

This topic covers the following:

Single Sign-on Connection
Claimed Email Domains
Redirect Settings

Single Sign-on Connection

On the Single sign-on page, you can view SSO connection details, such as the connection name and the application ID, and you can manage SSO details, such as the organization name to display when users sign in.

Claimed Email Domains

To determine which users to redirect to your IdP when they sign in with their Blackbaud IDs, you claim the email domains, such as @yourdomain.org or @yourdomain.edu, that your organization uses. Under Claimed email domains, you can manage the domains that your SSO connection recognizes.

Redirect Settings

To ease authentication after you enable SSO, you can provide users at your organization with a redirect URL to bypass the Blackbaud ID sign-in page and sign in directly through your IdP. You can also create additional redirect URLs to ease access to Blackbaud ID-supported solutions. For more information, see Redirect Settings.