User authentication

With Single Sign On (SSO) authentication, your system authenticates admins and applicants using their existing SSO credentials. The process allows access to multiple applications and websites without the need to re-enter credentials. SSO enhances user experience and security by reducing the number of times credentials are entered.

SSO utilizes the Security Assertion Markup Language (SAML), which is an open standard for exchanging authentication and authorization data between an IdP and a service provider. In this transaction, your organization is the IdP (Identity Provider) that validates credentials and then provides a Unique Identifier (UID )to your system. Your system uses this UID as a lookup key to determine which user is logging in and what permissions they have.

If a user cannot access your system, it means that it hasn't received the correct UID from your campus. Typically, this occurs when your organization's identity management hasn't validated the credentials. For more information, see Troubleshooting Sign-in Issues.

If your user doesn't currently have an account, your system creates one for them.

The default role in the system is that of an applicant. For a new user to have administrative privileges, an existing administrator can assign additional privileges to the user.

Though it isn't recommended, you can use Allow List Local authentication to grant access without integrating into a broader authentication system.

Applicants can only sign up or sign into their accounts if their email address is included in your current data import file. If a user's record isn't in the file, they can't access your system.

Note: Admins, reviewers, and reference aren't affected by your import file. To give access to one of these users, create an account as an admin.

For guidance on common sign-in issues, see Troubleshooting Sign-in Issues.