Blackbaud ID Authentication for Education Management

Blackbaud ID enables each user at your school to access your Blackbaud products and services — such as Education Management , Raiser's Edge NXT, Tuition Management, the Higher Ed user community, and more — with a single email address and password.

If your school uses a single sign on (SSO) with your identity provider, a platform manager who is also an organization admin can enable the SSO for Blackbaud ID . Then any platform manager can set up authentication for users.

Tip: Some authentication settings are not accessible while impersonating. To set up authentication for your school, log in as the platform manager who has organization admin rights instead of impersonating one.

All users must sign with Blackbaud ID. Their username an email address.

From Core, select Security and then Blackbaud ID authentication. Users will appear in the list that corresponds to their authentication status for Blackbaud ID.

  • Use the lists to select a subset of users to manage in bulk. From each list, use the Search, sort options, and Filters to limit the results to the users you want to update. For example, you can filter to show registered users with student role, search for specific grad year, and sort by SSO email address. See Manage Authentication in Bulk.

  • Alternatively, select a single user's name to go to the Access tab of the user's profile to manage the individual's authentication settings. You can also use the People finder in Core to go to the Access tab of the user's profile to manage the individual's authentication settings. See Manage Authentication for a Single User.

Tip: Remember that the email address used forBlackbaud ID must be unique. It can’t be used by other users. Typically, the primary email address from a user's contact card will become the user's Blackbaud ID username. However, you can use a different email address for authentication when desired.

Tip: List managers can also view Login information related to Blackbaud ID in User lists and can filter the lists based on authentication status.

As a platform manager, who authenticates with Blackbaud ID and is also an environmental admin, can change the branding of the login screen to include your school name, primary color, and logo. Start from Core and go the Home dashboard. Then select Go to Education area. From there, follow the instructions in Branding.

When a user who authenticates with Blackbaud ID selects the Forgot your login or first time logging in? link from the sign in page, an error message appears. By default, the message states, "We are unable to process your request. Please contact your system administrator for assistance." However, admins can't reset the passwords, since Blackbaud ID enables users to serve themselves for this.

We recommend a platform manager replace the default text with a message like:

"If you authenticate with Blackbaud ID and need to reset your password, go to https://signin.blackbaud.com and then select Forgot Password. Your username is your email address."

Warning: Follow the instruction in Custom text/messages to update the text for Error Message: Authenticates with BBID.

Warning: To change the text used to label the sign-in help, follow the instructions for Authentication rules.

  • If you set up SSO, passwords for Blackbaud ID are managed through your Identity Provider.

  • Users who are configured with SSO to network credentials or Google will have their password managed by their school's IT administrator.

  • If you are not using an Identity Provider, users manage their ownBlackbaud ID passwords through their Blackbaud ID profiles: https://signin.blackbaud.com/userprofile

  • Users who don't use SSO to network credentials or Google can reset their own password from the Blackbaud login page: https://host.nxt.blackbaud.com/signin.

Platform managers use email domain settings to create and maintain URLs that improve the sign out process for users.

When you configure these URLs, users will be more likely to sign out of both their Blackbaud ID session and any other applications that use your Active Directory. For users who share electronic devices with other users, this improves security. See domain settings.

Occasionally, an individual may want to change their username or email address (such as for a name change due to marriage).

  • If you disconnect or unlink the Blackbaud ID in Education Management and relink to a new account, you'll create a new Blackbaud ID for the new email address. You'll need to invite the new account to access your various solutions as if it were a new individual.

  • If your school has multiple Blackbaud solutions (including www.blackbaud.com and NXT solutions) connected to a user's Blackbaud ID, you will probably prefer to update an existing Blackbaud ID in Education Management to use the new email address, especially if you use single sign on (SSO).

The specifics of this will vary based on how you set up single sign-on (SSO) for Blackbaud ID with your identity provider (IdP) — especially the types of IdP connection and the attribute/variable you mapped to the NameID for SSO.

For a SAML 2.0 connection , if you map email addresses as the NameID to identify users, any changes to a user's email address then requires you to reinvite them to solutions (Raiser's Edge NXT, Education Management, etc.) at that new address, like with a new Blackbaud ID.

Tip: To help inoculate yourself from the impact of changes to email addresses, we recommend you map the NameID to a more constant attribute or variable. Which you use depends on your IdP. For example, for JumpCloud, we recommend 'username'; for OneLogin, 'OneLogin ID'. You may want to consult your IdP's documentation to determine which attribute best meets your need.

Blackbaud ID enables your school to set up an optional single-sign on (SSO) through Google or your network credentials.

Blackbaud ID enables an extra layer of security with two-step authentication, so you'll sign in with a unique verification code in addition to your email address and password.

All Blackbaud ID usernames must be email addresses.

Tip: To interact with your peers at other schools and follow blog posts aboutBlackbaud ID, visit the Blackbaud User Community online.