Single Sign-on
In Admin, organization admins can enable single sign-on (SSO) to require users to sign in through their organization's identity provider (IdP). By default, users either sign in through Blackbaud's secure authentication service or through social sign-ins, such as Apple Authentication or Google Authentication.
To enable SSO in Authentication, select Manage SSO settings under Single sign-on, and select your IdP. For more information, see Single Sign-on Setup. After you enable SSO, you can select Manage SSO settings to manage details about your IdP's connection.
Under Single sign-on, you can manage the connection to your IdP, including its security certificate or application key and how your organization's name appears when users sign in. For more information, see SSO Connection Summary.
To properly recognize and redirect users to your IdP when they sign in, you identify the email domains, such as @yourdomain.org or @yourdomain.edu, that your organization uses. Under Claimed email domains, you can manage the domains that your connection recognizes. For more information, see Claimed Email Domains.
To ease authentication after you enable single sign-on (SSO), you can provide users at your organization with a redirect URL to bypass the Blackbaud ID sign-in page and sign in directly through your identity provider (IdP). For SAML 2.0 or Okta connections, you can also create one additional redirect URL to ease access to a Blackbaud ID-supported solution. For more information, see Redirect Settings.