Set up Social Login (Open Authentication)

Set up open authentication so constituents can log in to your site with their social account credentials, instead of creating a new registration on your site.

What is Open Authentication, Social Login, and Akamai (formerly Janrain)?

Open authentication is an open standard for token-based authentication on the Internet. Authentication verifies who you are.

With open authentication, a user's account information can be used by third-party services, such as Facebook, without exposing the user's password. Login information for constituents is accessed and validated using application programming interfaces (APIs) created and maintained by the service connection company, Akamai. The product is called Akamai Identity Cloud.

Note: Luminate Online does not store user's passwords for their linked accounts. While administrators can view linked profiles from within a constituent record, viewing permissions are set and managed by the social site.

After open authentication is configured and social login is enabled, the Social Site login component is automatically added to the standard Login page as string of social site icons similar to the following image:

Not only does this provide a convenient login mechanism, but when new constituent profiles are created from social logins, sharable data from their social accounts is stored as part of their constituent profile. You can use this profile information to better customize communications toward your audience.

Note: Users are prompted as to what information they are sharing, which they must specifically opt into. Administrators also have the ability to decide what personal information to pull during the registration process, as described in this procedure.

Social Login is using existing username and password credentials from a social account to log into a secured site.

Akamai Identity Cloud (formerly Janrain) is a social login account tool that uses plug-ins for your site that allow constituents to move directly from your organization's site to your organization’s social media networks. To use Akamai Identity Cloud for social sharing and open authentication on your site, you must have a Akamai account, which is created as part of this procedure.

After a user registers for your website using social account credentials, the social account is remembered so users can log in again the same way. When a user logs out of your site, the social account connection remains active until the user signs out of the social account.

Note: 2019 Update - Janrain is now Akamai Identity Cloud. Most documentation now reflects the name Akamai, but some portions continue to use the legacy name of Janrain to match configuration options in Luminate Online and the Janrain Dashboard.

Note: Contact Luminate Customer Support for help resolving Akamai Identity Cloud issues with Luminate Online or Luminate CMS.

Enable open authentication:

1. Click Constituent360 > Social Media.

2. Click the Open Authentication tab.

3. Click View/Change Janrain Account Parameters.

4. Choose one of the following options and complete the steps:

   Note: Before you begin, disable blocker extensions in your browser, such as Google Chrome's uBlock or AdBlock. When blocking tools are enabled, the Janrain/Akamai account creation does not complete, and Engage apps are not created.

   • Create New Account

     1. Enter a valid email address in the Janrain Admin Email Address field.

     2. Enter a name for your application in the Janrain Engage App Name field.

        Tip: Use only letters, numbers, and hyphens. Do not use spaces or other special characters in the name. For example, use MyOrgsApp, or My-Orgs-App. If you get a message that you do not have a unique app name, continue entering different names to find an app name that is unique.

     3. Click Finish. Akamai (formerly Janrain) sends an email to the account specified.

     4. For the email account specified, open the inbox and locate an email from Akamai (formerly Janrain).

        Tip: The email subject might include, " Activation for (domain).rpxnow.com. "If you do not see the email, check the junk or spam folder. If you cannot locate the email, contact Luminate Blackbaud support.

     5. In the email, click the link to open the Akamai (formerly Janrain) website.

     6. Click Create Account.

     7. Create an account by entering the same email address and choose a password.

     8. Click Continue. Account creation is complete. Akamai (formerly Janrain) sends an email to the account specified.

     9. Open the email from Akamai.

        Tip: The email subject might include "Janrain Dashboard email verification." The sender might be "noreply."

     10. Click the link to verify your email address.

     11. Repeat these steps to create a Janrain Engage App for every Luminate Online instance used by your organizations.

     12. Continue to the next step to Enable Open Authentication.

     --OR--

   • Use Existing Account

     1. Enter the Janrain API Key for your app.

        Tip: To locate this key, open your Janrain Dashboard, click the Manage Engage App icon for your app, and under Settings, click App Info. The key is listed under API Key (Secret).

     2. Enter the subdomain name for your Janrain Engage app.

        Tip: The subdomain portion of your app is the part between "https://" and ".rpxnow.com." So, if your app name is "https://My-Orgs-Name.rpxnow.com," enter My-Orgs-Name in this field.

     3. Click Finish.

     4. Continue to the next step to Enable Open Authentication.Set up Social Login (Open Authentication)

5. In Luminate Online, click Enable Open Authentication.

6. Click Finish.

7. Click Enable Janrain.

8. In the message box that appears, click OK.

9. Choose which data you want to pull from social accounts and save in the constituent's profile by selecting boxes in the Constituent Profile Data to Share Between Accounts section.

   Note: Not all social networking sites store all of the fields displayed.

10. Add social account providers so they display in the Authentication Service Providers section as configured for use:

    Tip: See the Akamai (formerly Janrain) documentation for detailed steps to configure providers.

    1. Log into your Janrain Dashboard.

       Tip: If you do not see your Engage app listed, open the email from Akamai with the subject, "Engage Basic Sign-up Confirmation for AppName," and use the Janrain Dashboard link from the email.

       

    2. Click the Manage Engage App icon for your app.

    3. In the Providers section, click the Manage Providers icon.

    4. In the list on the right, click the name of a provider that you want to add.

       Note: Facebook requires a Facebook Developer account.

    5. Click Configure.

    6. Follow all steps in the popup setup guide or as outlined in the Akamai (formerly Janrain) documentation.

       Note: Enabled providers display on the Authentication Settings page in Luminate Online within a time frame of an hour to end of the day, depending on Akamai's update.

    7. Save and publish your configurations:

       1. Return to the Janrain Dashboard.

       2. In the Widgets and SDKs section, click Sign-Ins.

       3. Click Providers.

       4. Scroll to the bottom, and click select the Save and Publish radio button, and click Publish.

       Tip: If the provider cog wheel icon is green, that means it's configured and ready to use. If it is grey, it hasn't been configured yet.

11. Verify that the whitelisted domains in the Janrain Dashboard include all domains that will host social login or social sharing links:

    1. Return to the Janrain Dashboard.

    2. Click the Manage Engage App icon for your app.

    3. In Settings, click the Domain Whitelist down-arrow.

    4. In the Domain Whitelist section, verify that all secure and nonsecure domains that might host your social login or share links display. If not, add them.

       

       What domains must be whitelisted?

       All possible domains used by your organization to host social login or sharing, including secure (HTTPS) and non-secure (HTTP) domains, must be listed here.

       If your Administrator login site is "https://secure3.convio.net/shortname/admin/AdminLogin," then your organization's domain is "secure3.convio.net."

       Two entries per domain are needed. In this example, you would enter these two domains:

       secure3.convio.net

       *.convio.net

       The second domain with the asterisk includes subdomains and subfolders.

       If you have a customized, Luminate-hosted domain, enter "shortname.convio.net," where shortname is the custom name for your site. For example, if you have a customized domain, such as "support.diabetes.org," include that domain, along with a second entry for "*.diabetes.org."

       • Donation forms are always secure, so to add social share on a donation form, you must whitelist the secure domain that hosts the forms.

       • Participant Center 2 is always secure. You must whitelist the secure Participant Center domain, or the social icons that automatically display in the right-hand column will not display.

       • Luminate CMS-hosted pages must also be included here.

    5. Click Save.

12. In Luminate Online, click Save.

Tip: The related action, Record Social Network Application Keys, is not necessary for setup of Akamai Identity Cloud. You can find all of these keys in the Janrain Dashboard after configuring Akamai.

Next, Add and customize social login icons and Set Up Social Sharing