Google Workspace Setup

Note: This help topic describes new single sign-on (SSO) setup options for Google Workspace. To enhance security and stability, Blackbaud has switched to a new SSO authentication service. Organizations that already use SSO will now see a New single sign-on tab on the Authentication settings page in Security and must set up new SSO connections by Oct. 31.

Your organization can use Google Workspace and its APIs to securely connect its users to technology. To set up an SSO connection that lets users sign in to Blackbaud solutions through Google, an organization admin (or another user with the necessary admin rights) must create a Google web application in your Google API Console and configure the following settings on the Authentication settings page in Security:

  • Your organization's primary Google domain or domain alias. (To view your domains in the Google API Console, select Credentials, Domain verification.)

  • The client ID and client secret generated when you create your application.

To prevent inadvertent lockouts, make sure to:

  • Complete the setup during a maintenance window for your organization's network.

  • Create a Blackbaud ID outside of your claimed domains with access to the Authentication settings page in Security.

Tip: If you are migrating an existing Google Workspace SSO connection, we already pulled over any domains you previously claimed from your existing connection along with most of the configuration details for your application. To complete the process, you just need to add a couple new authorized paths to your Google Workspace SSO application and then test the SSO connection to verify that your organization can use your identity provider (IdP) to sign in to Blackbaud solutions.

For detailed guidance on the steps that are necessary when setting up an SSO connection that doesn't inherit previously claimed domains or configuration settings, see the following instructions.

After you save your SSO configuration settings and turn off test mode, an Erase all single sign-on settings option appears after the SSO configuration steps. This option allows you to clear your configuration settings and start over. For example, you can select Erase all single sign-on settings if you need to select a different connection method or start over after you troubleshoot an issue. The option is only available after you save your configuration settings in step 2 and turn off test mode in step 3. When you turn on SSO, the option is no longer available, but you can turn off SSO to make it available again. For more information, see Single Sign-on Setup