SAML 2.0 Certificates

For security, your Security Assertion Markup Language (SAML) 2.0 certificate expires periodically. Under Single sign-on, you can view when your certificate expires. To retain your SSO connection, upload a new certificate before the current one expires.

Warning: To help prevent an inadvertent lockout, make sure you have another Blackbaud ID outside of your claimed domains that has access to the Authentication settings page in Security.

  1. In Security, select Authentication.

  2. Under Single sign-on, select Manage SSO settings.

  3. In a separate browser tab, download a new certificate from your SAML IdP.

    The steps vary by IdP, and here are some examples:

    • For Google Workflow, sign in to your Google Workflow admin console with an administrator account, select the SAML app used with your members' Blackbaud IDs, and then select Download under Certificate.

    • For JumpCloud, generate the certificate and then sign in to your JumpCloud administrative console with an administrator account, select Applications and the SAML app used with your members' Blackbaud IDs, and then select Upload IdP certificate.

      Note: For information about how to generate the certificate for JumpCloud, see JumpCloud SAML Configuration Notes.

    • For OneLogin, sign in to your OneLogin administrator dashboard with an administrator account, select the SAML connection used with your members' Blackbaud IDs, and then, under SSO, select View details under the X.509 certificate field, and then Download.

  4. Return to Blackbaud's Single sign-on page to upload the certificate.

    1. Select Upload new certificate.

    2. Select Choose file, then browse to and select the new Personal Information Exchange (.pfx) file for your SAML 2.0 connection.

    3. Select Save.