Single Sign-on Connection
After you enable single sign-on (SSO), you can track its status under Single sign-on in Authentication. You can also manage your identity provider's certificate and connection as necessary.
After you set up your connection, you can turn on SSO through your identity provider (IdP). When you turn on SSO, anyone who signs in to their Blackbaud ID with one of your claimed domains is redirected to your IdP. After they authenticate through your IdP, their Blackbaud ID:
Automatically redirects to your organization's login for future sign-ins
Uses your IdP for password updates, lockouts, and similar authentication management
Note: After you enable SSO, resend any pending invitations sent before the connection to your IdP.
To troubleshoot an issue or instead use Blackbaud's secure authentication service, you can turn off the connection to your IdP. When you disconnect your IdP, your organization's members will:
Sign in through Blackbaud's secure authentication service instead of your IdP.
Receive an email to reset their passwords to ensure they meet the requirements of Blackbaud's authentication service.
Still be able to use your SSO connection in test mode so you can continue to verify and manage its settings. For more information, see Test Mode.
To disconnect your SSO connection, select Learn about disconnecting SSO under Single sign-on, and then select Yes, disconnect... and Disconnect.
Note: Have issues with your SSO connection? To help troubleshoot, see SSO Connection Troubleshooting.