Single Sign-on Connection
After you enable single sign-on (SSO), you can track the connection's status under Single sign-on in Authentication. You can also manage your identity provider's (IdP) certificate and connection as necessary.
After you set up your connection, you can turn on SSO through your IdP. When you turn on SSO, anyone who signs in to their Blackbaud ID with one of your claimed domains is redirected to your IdP. After they authenticate through your IdP, their Blackbaud ID:
-
Automatically redirects to your organization's login for future sign-ins
-
Uses your IdP for password updates, lockouts, and similar authentication management
After you enable SSO, resend any pending invitations sent before the connection to your IdP. To set up the connection for your IdP, see Azure AD Setup, SAML 2.0 Setup, ADFS Setup, Okta Setup, or Google Workspace Setup.
You can turn off the SSO connection to your IdP as necessary, such as to troubleshoot an issue. When you disconnect your IdP:
-
Your organization's users sign in through Blackbaud's secure authentication service instead of your IdP. They receive email to reset their passwords to ensure they meet Blackbaud's authentication requirements.
-
You can still use your SSO connection in test mode to verify and manage settings. For more information, see Test Mode.
To disconnect your SSO connection, select Learn about disconnecting SSO under Single sign-on, and then select Yes, disconnect... and Disconnect.
Have issues with your SSO connection? To help troubleshoot, see SSO Connection Troubleshooting.