Single Sign-on

On the Authentication settings page, organization admins can enable and manage a single sign-on (SSO) connection that lets users sign in through the organization's identity provider (IdP). By default, users sign in through Blackbaud's secure authentication service or a social sign-in, such as Apple Authentication or Google Authentication.

To enable SSO on the Authentication settings page, you select Manage SSO settings under Single sign-on and then select your connection method. For more information, see Single Sign-on Setup. After you turn on SSO, you select Manage SSO settings to access the Single sign-on page where you manage your SSO connection.

On the Single sign-on page, you can view information about your SSO connection, such as the connection name and the application ID, and you can manage SSO details, such as the organization name to display when users sign in. For more information, see SSO Connection Summary.

To determine which users to redirect to your IdP when they sign in with their Blackbaud IDs, you claim the email domains, such as @yourdomain.org or @yourdomain.edu, that your organization uses. Under Claimed email domains, you can manage the domains that your SSO connection recognizes. For more information, see Claimed Email Domains.

To ease authentication after you enable SSO, you can provide users at your organization with a redirect URL to bypass the Blackbaud ID sign-in page and sign in directly through your IdP. For SAML 2.0, you can also create one additional redirect URL to ease access to a Blackbaud ID-supported solution. For more information, see Redirect Settings.