Authentication overview

Authentications let Finalsite users log in using credentials from another system such as Google or LDAP, while SSOs go the other direction, letting users access external services from within Finalsite. All authentication options are configured in Integrated Services Manager in the Composer module menu.

💡 Quick answers

  • What is the difference between an authentication and an SSO in Finalsite? An authentication lets users log directly into Finalsite using credentials from an external service; an SSO lets users access an external service from within Finalsite while remaining authenticated.
  • Where are authentications configured in Finalsite? In Integrated Services Manager, found in the Composer module menu.
  • Which authentication options does Finalsite support? Google, Senior Systems, Veracross, LDAP, ADFS, Azure Active Directory, and SAML (general IdP support).
  • What is SAML authentication and when should it be used? A SAML-based option that redirects users to your own identity provider for authentication, supporting 2FA and custom password policies; best for organizations that already manage access centrally via their own IdP.
  • Does SAML authentication work across multiple domains? No; it is limited to a single domain. For multi-domain organizations, LDAP or Google authentication are recommended instead.


Authentication vs single sign-on 

Authentications and single sign-ons (SSOs) are both ways of leveraging data that you already have to make the experience of using your website easier and smoother for both visitors and site administrators. 

  • An authentication is the connection between another service and Finalsite.
    • Users log directly into Finalsite using the credentials from the other service.
  • An SSO is the connection between Finalsite and another service.

Authentications and SSOs are maintained in Integrated Services Manager found in the module menu. 

A full list of the authentication options we provide can be found below:

Finalsite authentication

Read the article, Finalsite authentication, to learn more!

Full list of authentication options

Senior Systems

With a Senior Systems integration, we can also configure authentication with Senior Systems so that users can log into Finalsite using the credentials housed and managed in Senior Systems. This is configurable per role.

With the Authentication configured, you can use “deep links” to land users in various sections of MyBackpack in Senior Systems. A full list of these targets is available from Senior Systems.

These deep links will serve to land the user, authenticated, in MyBackpack from a link in the Finalsite portal.

Veracross

We offer an option that will allow your users to log into Finalsite via Veracross. This is a redirect authentication that will send users in roles set to use Veracross Authentication to Veracross to log in, and then redirect back to Finalsite.

To use this option, you will need to configure an OAuth application in Veracross (detailed steps can be provided at time of deployment). We will also need to enable staggered login in Finalsite. “Staggered” means that the username and password fields are on separate screens rather than having both fields displayed together and submitted with a single “log in” button.

Google

Finalsite offers an Authentication option allowing users to log in with their Google Account. This is detailed in the article, Google Authentication.

LDAP Authentication

An LDAP (Lightweight Directory Access Protocol) server synchronizes each user’s password across multiple databases, such as your student information server, your campus email system, and your Finalsite website. LDAP integration is an easy, reliable process for allowing some or all of your constituents to log into various school systems, including your Finalsite school website, using the same username and password provided by your domain’s LDAP server.

ADFS Authentication

Finalsite has recently added a way to allow constituents/users to authenticate into Finalsite using your in-house ADFS system as the Identity Provider. This is configurable by admin group or constituent role, so there is some flexibility in how your users will authenticate. This is done using a SAML 2.0 connection.

Azure Authentication

Working in tandem with the Azure Integration, we offer a SAML-based authentication option that can be configured to allow constituents and/or admins to log into Finalsite via Azure Active Directory.

SAML Authentication (General)

If you prefer to manage access for constituents and/or admin users with your own identity provider (IdP), Finalsite offers a SAML authentication method that can be used for this purpose. Most common IdPs support configuring Finalsite as a service provider in this way.

Using a SAML authentication allows you to redirect users to your own login pages for your IdP, and also allows you to implement any authentication protocols you may enforce, including two-factor authentication and password requirements. This can be configured in Finalsite per admin group or per constituent role.

As a prerequisite for this integration, the usernames in Finalsite need to match an attribute on the IdP side to ensure the connection works reliably.

SAML Authentication also supports Single-Logout that is service provider-initiated and uses the Redirect method.

  • It is important to note that SAML authentication is limited to signing users into a single domain for your website. If your organization wants users to sign into several domains, we recommend another authentication option that works across multiple domains, such as LDAP Authentication or Google Authentication.
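
The service provider-initiated Single-Logout over the Redirect method mentioned above, as an added example (not Finalsite's code): the SP side packs a SAML 2.0 LogoutRequest into the redirect URL, and the IdP side unpacks it with a size cap and a Destination/Issuer check. The entity ID, endpoint URL, username and session index are constructed placeholders, and request signing is left out.

```python
import base64, urllib.parse, zlib
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed placeholders, not real Finalsite or IdP values.
SP_ENTITY_ID = "https://sp.example.org/saml/metadata"
IDP_SLO_URL = "https://idp.example.org/saml/slo"

def build_logout_request(name_id, session_index, request_id, issue_instant):
    """SP side: unsigned LogoutRequest naming the session to end."""
    root = ET.Element(f"{{{P}}}LogoutRequest", {
        "ID": request_id, "Version": "2.0",
        "IssueInstant": issue_instant, "Destination": IDP_SLO_URL})
    ET.SubElement(root, f"{{{A}}}Issuer").text = SP_ENTITY_ID
    ET.SubElement(root, f"{{{A}}}NameID").text = name_id
    ET.SubElement(root, f"{{{P}}}SessionIndex").text = session_index
    return ET.tostring(root, encoding="unicode")

def redirect_encode(xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = no zlib header
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    query = urllib.parse.urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode("ascii"),
        "RelayState": relay_state})
    # A production request also carries SigAlg and Signature parameters.
    return f"{IDP_SLO_URL}?{query}"

def redirect_decode(url, max_len=64 * 1024):
    """IdP side: bounded inflate, then check Destination and Issuer."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(base64.b64decode(params["SAMLRequest"][0]), max_len)
    if not inflater.eof:  # truncated input or output larger than the cap
        raise ValueError("LogoutRequest rejected: bad or oversized payload")
    # Untrusted XML: a hardened parser such as defusedxml is the usual choice.
    root = ET.fromstring(xml)
    issuer = root.find(f"{{{A}}}Issuer").text
    if root.get("Destination") != IDP_SLO_URL or issuer != SP_ENTITY_ID:
        raise ValueError("LogoutRequest rejected: wrong Destination or Issuer")
    return {"id": root.get("ID"), "issuer": issuer,
            "name_id": root.find(f"{{{A}}}NameID").text,
            "session_index": root.find(f"{{{P}}}SessionIndex").text,
            "relay_state": params["RelayState"][0]}

def demo():
    xml = build_logout_request("jdoe", "_sess-42", "_req-1", "2024-01-01T00:00:00Z")
    return redirect_decode(redirect_encode(xml, "/portal"))
```

The NameID here stands in for the Finalsite username that must match an attribute on the IdP side; the request is only meaningful if both sides agree on that value.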