Single Sign-On Settings (SSO)

Tip: Looking for instructions that are more focused on workflow? View the tutorial for Single Sign On (SSO) via JSON Web Tokens .

Platform managers can manage single sign-on (SSO) settings for each third party application instance. This enables users from your school to quickly access another application without reentering usernames and passwords. They'll use their school account to access the third party service or resources.

Tip: Looking for instructions about how to establish an SSO connection between Blackbaud and your Identity Provider (IdP)? Start from blackbaud.com and then select Admin, Security, Authentication. For details see SSO for BBID and the Blackbaud ID Single Sign-on Setup Help.

Settings for an SSO can't be deleted.

  1. Select Core.

  2. Select Security .

  3. Select Authentication settings.

  4. Select SSO settings.

  5. Select the + Add new

  6. Select Allow this SSO to be used to enable or activate the settings.

    Note: Clear the option if the SSO should not be used. Although you can't delete SSO settings, you can deselect this option to disable or inactivate it.

  7. Enter a brief descriptive Name.

    A Slug is automatically generated based on the name. Spaces in a name are replaced by hyphens (-) in the slug.

  8. Enter the Redirect URL. Be sure for format the URL so that the following parameter information is appended to the end of the URL:

    ?ssotoken={token}

  9. An alphanumeric Secret key is automatically generated. You'll use this in your custom implementation. Copy it to a safe location for later use.

  10. To enable platform managers to impersonate other users and SSO into the application with a different identity, select Allow impersonate. Otherwise, clear this option.

  11. Select Save.

Although you can't edit a Secret key or Slug, you can rename the settings, update the URL, change impersonation rights, and enable or disable usage.

  3. Select Core.

  5. Select Security .

  7. Select Authentication settings.

  8. Select SSO settings.

  9. On the row of the existing credentials for a provider, select Edit.

  10. Select Allow this SSO to be used to enable or activate the settings.

    Note: Clear the option if the SSO should not be used. Although you can't delete SSO settings, you can deselect this option to disable or inactivate it.

  11. Enter a brief descriptive Name.

    The Slug based on the original name remains unchanged.

  12. Enter the Redirect URL. Be sure for format the URL so that the following parameter information is appended to the end of the URL:

    ?ssotoken={token}

    and replace "token" with an assigned token.

    Note: Learn more about generating tokens.

  13. To enable platform managers to impersonate other users and SSO into the application with a different identity, select Allow impersonate. Otherwise, clear this option.

  14. Select Save.

Your school may want to disable some SSOs at specific times of the year, such as during summer vacation or while your administrator makes significant changes to the other application's settings.

  1. Select Core.

  2. Select Security .

  3. Select Authentication settings.

  4. Select SSO settings.

  5. On the row of the existing credentials for a Provider, select Edit.

  6. Clear the Allow this SSO to be used option.

  7. Select Save.

To re-enable the SSO, edit it and allow usage again. The original settings remain unchanged.

Your school may want to re-enable some SSOs at specific times of the year, such as after summer vacation or after a major change to the other application's settings.

  1. Select Core.

  2. Select Security .

  3. Select Authentication settings.

  4. Select SSO settings.

  5. On the row of the existing credentials for a provider, select Edit.

  6. Select the Allow this SSO to be used option.

  7. Select Save.

Clear the option if the SSO should not be used. Although you can't delete SSO settings, you can deselect this option to disable or inactivate it.

To enable a enable a third party to access your school's data, you must provide them with secure tokens that they'll use to authenticate to your site.

  1. Select Core.

  2. Select Security .

  3. Select Authentication settings.

  4. Select SSO settings.

  5. On the row of the existing credentials for a provider, select Edit.

  6. Use your computer's built-in functionality to select and copy the Secret key.

  7. Select Save or Cancel.

Provide the Secret key to the third party vendor.