Claimed Email Domains

To properly recognize and redirect members to your identity provider (IdP) when they sign in, identify the email domains that your organization uses, such as @yourdomain.org or @yourdomain.edu. After you claim a domain, users who sign in to Blackbaud ID with email addresses on that domain are redirected to your login, where they sign in with their organizational credentials. After you configure SSO, you can manage your claimed email domains in Authentication.

When you claim a domain, it takes up to two days for Blackbaud to verify ownership. To enable verification, update your domain name system (DNS) with the domain's text (TXT) record.

  1. In Admin, select Authentication, and then select Manage SSO settings under Single sign-on.

  2. Under Claimed email domains or Single sign-on, select Claim domains.

  3. For each of your organization's email domains:

    1. Select Claim another domain.

    2. Enter the domain, and select Start domain verification.

  4. To enable verification of each domain:

    1. Copy the domain's TXT record value.

    2. On your DNS provider's website, add the domain to your configuration.

      Tip: To verify you update the correct DNS, visit ICANN WHOIS, enter the email domain, and confirm its service provider in the Name server field.

      • For Type, choose TXT.

      • For Host, enter the root domain or subdomain.

        Tip: Your DNS provider may support '@' as a shortcut to the root domain. Otherwise, enter the root domain, such as your.org or your.edu.

      • For Value, Answer, or Definition, paste the domain's TXT record value.

      • For Time-to-live (TTL), enter 3600 s or 1 hour.

    3. In Authentication, select Verify this domain.

      It takes up to two days to verify your domain. You'll receive an email when verification completes. After a domain is verified, you can remove its TXT record from your DNS.

  5. Select Close.

For a list of Blackbaud IDs included in a claimed email domain:

  1. In Admin, select Authentication, and then select Manage SSO settings under Single sign-on.

  2. Under Claimed email domains, select View Blackbaud IDs.

The list includes any Blackbaud ID email addresses on the claimed domain that signed in during the past two years. To copy the Blackbaud IDs, such as to create a recipient list for an email, select Copy all to clipboard. The list includes all Blackbaud IDs that signed in during the past two years. This may include users who left your organization or are no longer valid.

If your organization no longer uses a domain, you can remove it from your SSO configuration. After you delete a claimed domain, users on that domain sign in through Blackbaud's secure authentication service instead of your identity provider.

  1. In Admin, select Authentication, and then select Manage SSO settings under Single sign-on.

  2. Under Claimed email domains, select Claim domains.

  3. For the domain to remove, select Delete.

  4. Select Close.