Single sign-on authentication settings

If your website contains web pages that integrate with software programs other than Blackbaud NetCommunity, you can use single sign-on so users do not have to enter different logins on the Blackbaud NetCommunity pages. With incoming single sign-on, users click a unique link from a non-Blackbaud NetCommunity page to access Blackbaud NetCommunity secured pages without entering user name and password information. Under Enable single sign-on authentication, select whether to enable single sign-on authentication to allow users transparent access to secured pages. When you do this, single sign-on systems for non-Blackbaud NetCommunity pages authenticate users with a shared key and time algorithm in a querystring, such as &u=Supervisor&t=151256232434&m=282FE2ECF98F5FFEDAAB12A38F3A3D54.

1. To enable single sign-on for your website, select Enable single sign-on authentication. When you select this checkbox, the grid is enabled.

Note: Integration of your website with a third-party single sign-on system requires additional custom programming. For information about the code necessary to integrate with a single sign-on system, consult your single sign-on system provider.

2. In the grid, enter the information to use with the single sign-on system.

Warning: Incoming single sign-on works in one direction only. Users can log in to a non-Blackbaud NetCommunity page and gain access to a Blackbaud NetCommunity page, but they cannot log in to a Blackbaud NetCommunity page and gain access to a non-Blackbaud NetCommunity page. To set up outgoing single sign-on to allow users to navigate from Blackbaud NetCommunity to a third-party site without entering their credentials for the third-party site, see API.

a. Under Description, enter a unique name to identify the single sign-on instance.
b. Under Shared key, enter a string value key used by the single sign-on system to access your website. We recommend a combination of letters and numbers.
c. The Querystring columns contain the three variable parameters that other single sign-on systems pass via the URL.

Under UserName querystring, enter the plain text variable that identifies the user name in the querystring generated by the single sign-on system.

Under Time querystring, enter the variable that indicates the timestamp in the querystring generated by the single sign-on system. The timestamp is the epoch time at which the URL was created. Epoch time is the number of seconds since January 1, 1970.

Under MD5 hash querystring, enter the variable that indicates the MD5 hash value in the querystring generated by the single sign-on system.

Note: The single sign-on system uses this information to generate a message digest (MD5) algorithm hash value in a querystring for security. If you select Include IP, the MD5 hash value has a format of “shared key + user name + client IP + time,” where the client IP is the IP address of the website user. If you do not select Include IP, the MD5 hash value has a format of “shared key + user name + time.”

d. In the Expiration (seconds) column, enter how long, in seconds, after the timestamp in the querystring the user has transparent access to the web page. By default, the single sign-on authentication expires after 300 seconds (5 minutes).
e. If the single sign-on system uses the client IP address as additional security, select the checkbox in the Include IP column. This optional feature provides additional security by ensuring that the single sign-on link is only valid for a specific user's IP address.
f. To require secure sockets layer for additional security, select the checkbox in the Require SSL column. When you select this, pages require URLs that begin with “https.”
g. If you maintain multiple third-party web pages on your site, click Add New to add additional single sign-on entries. For security purposes, we recommend a separate entry for each third-party integration.
3. To edit an existing single sign-on entry, click Edit and update the information as necessary.
4. To delete an existing single sign-on entry, click Delete. At the message to confirm the deletion of the row, click Yes.
5. To save the settings, click Save.
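
The following is an added example, not Blackbaud code, showing how the hash format in the Note, the Expiration (seconds) value, and the Include IP option fit together when a link is built and checked. The parameter names u, t, and m come from the sample querystring above; the function names, plain concatenation with no separators, UTF-8 encoding, and uppercase hex output are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode


def sso_digest(shared_key, user_name, timestamp, client_ip=None):
    """MD5 of 'shared key + user name [+ client IP] + time'.
    Assumed: no separators, UTF-8 bytes, uppercase hex."""
    parts = [shared_key, user_name]
    if client_ip is not None:          # only when Include IP is selected
        parts.append(client_ip)
    parts.append(str(timestamp))
    return hashlib.md5("".join(parts).encode("utf-8")).hexdigest().upper()


def build_query(shared_key, user_name, now, client_ip=None):
    """Querystring the third-party system would append to the link."""
    digest = sso_digest(shared_key, user_name, now, client_ip)
    return urlencode({"u": user_name, "t": now, "m": digest})


def verify_query(query, shared_key, now, expiration=300, client_ip=None):
    """Return the user name if the link is valid, otherwise None."""
    params = parse_qs(query)
    try:
        user = params["u"][0]
        ts = int(params["t"][0])
        supplied = params["m"][0]
    except (KeyError, ValueError):
        return None                    # missing or malformed parameter
    # Reject expired links and timestamps from the future
    # (assumption: no clock-skew allowance between the two systems).
    if not 0 <= now - ts <= expiration:
        return None
    expected = sso_digest(shared_key, user, ts, client_ip)
    # Constant-time comparison of the recomputed and supplied hash.
    if not hmac.compare_digest(expected.encode(), supplied.upper().encode()):
        return None
    return user


if __name__ == "__main__":
    key = "Example9SharedKey4"         # constructed sample value
    ip = "203.0.113.7"                 # constructed (documentation range)
    now = int(time.time())
    link = build_query(key, "Supervisor", now, client_ip=ip)
    print(link)
    print(verify_query(link, key, now + 10, client_ip=ip))
```

A link that fails any check is treated the same way, so the caller learns only that the user must log in normally.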