Single sign-on (SSO) overview

In this Article


Single sign-on vs authentication

Single sign-ons (SSOs) and authentications are both ways of leveraging data that you already have to make the experience of using your website easier and smoother for both visitors and site administrators. 

  • An SSO is the connection between Finalsite and another service.
    • Users to log directly into the other service from Finalsite. 
  • An authentication is the connection between another service and Finalsite.
    • Users log directly into Finalsite using the credentials from the other service.
    • Read more in the article, Authentication overview.

SSOs and authentications are maintained in Integrated Services Manager found in the module menu. 

integrated services manager.png

A full list of the authentication options we provide can be found below:

Full list of SSO options

Senior Systems

The SSO with Senior Systems MyBackpack is contingent upon using the Senior Systems Data Integration and the Senior Systems Authentication mechanism. Once configured, it allows parents, students, and faculty to pass from the Finalsite portal into MyBackpack without a second challenge for credentials.

Veracross

The SSO offered between Finalsite and Veracross requires using the Veracross Data Integration and Authentication mechanism.  Once configured, users will be able to pass from the Finalsite Portal into a variety of locations in Veracross.

Powerschool Learning

Finalsite offers a way to enable SSO to PS Learning via the SSO option called miniOrange IdP which is a cloud based integration. 

This implementation requires that we either have a unique identifier in Finalsite (most commonly the ImportID) that matches a value set to the corresponding user in Powersschool OR that we have matching usernames.

Achieve

Finalsite offers an SSO with AchieveIn order to set this up, usernames in Finalsite will need to match the usernames in Achieve.

FACTS

Finalsite offers a single sign on for parents with FACTS Management.  The SSO between the two systems uses a secure URL, containing an encrypted token, that is generated for each user in turn.

There are a number of different scenarios for the SSO workflow, depending on whether a parent has an account in FACTS and has previously used the SSO from Finalsite.

  • Parents with an existing FACTS account: When a parent first clicks the FACTS SSO link in Finalsite, they are transferred to FACTS. They may then enter their FACTS login credentials or register for a new account. If they authenticate successfully, their FACTS account is linked to their Finalsite account and, for all subsequent single sign-ons from Finalsite, they will be taken directly to the FACTS dashboard. 
  • Parents without a FACTS account: A parent who does not have an account in FACTS will not be able to link up their FACTS account to their Finalsite account by logging in to FACTS. Instead, alongside the option to enter FACTS credentials (which they do not have), they have the option of creating a new account.
    • The new account form will be pre-populated with the following data provided by Finalsite:
      • First name
      • Last name
      • Primary email address

Once the account has been created in FACTS, it is linked to their Finalsite account and, for all subsequent single sign-ons from Finalsite, the parent will be taken directly to the FACTS dashboard.

Blackbaud NetCommunity

Finalsite offers a single sign on with Blackbaud NetCommunity.  From NetCommunity, the client can configure SSOs to other areas of their Blackbaud portals (e.g. NetClassroom).  The key matching datapoint for this SSO is the username.

InResonance

Finalsite offers an SSO into inResonance.  This can land a user in the FAM, SFO, RWS, or billpay modules within inResonance.  It is based off a shared datapoint (commonly importid) that is present in both Finalsite and inResonance.  This SSO works best when used in combination with an InResonance data integration.

The School Volunteer

Finalsite offers an SSO with The School Volunteer.  If users already exist in The School Volunteer prior to implementing the SSO, your deployment expert will work with you to add the appropriate Finalsite IDs to those users in TSV to ensure they are not duplicated.  New users will be created in TSV when using the SSO the first time.

There are a few options for “deeplinks” with this SSO that will land users in specific sections of The School Volunteer including: “View My Schedule”, “Nominate Leadership”, and “View Committee”.

Canvas

Finalsite offers a SAML based SSO with Canvas.  With this SSO, Finalsite becomes the Identity Provider for Canvas, so if users are currently logging in to Canvas with Google or by other means, this may not be the right option.  Your deployment expert will provide instructions for setting up the SSO on the Canvas side. This SSO is contingent upon the username matching between the two systems.

Magnus Health

Magnus Health is health software for K-12 Schools.  Our offering is an SSO and an integration.  We push student and parent data into Magnus for the client, from their Finalsite data, and receive a token that we can then use to allow parents to pass from Finalsite into Magnus without a second login.

Datapoints that can be pushed are listed below:  

Parent Datapoints

  Student Datapoints

Address

Phone

Work Phone

Mobile Phone

First Name

Last Name

Email

Username

  First Name

  Last Name

  Phone Number

  Birthdate

  Username

  Address

Please note that this requires that a school utilize the "Class Of" field for their students as well as proper relationships in the client data.

Schoology

Finalsite offers an SSO with Schoology.  In order for this to function, either an ImportID value or a username value will need to match in Finalsite and Schoology.  Your deployment expert will work with you on configuring this SSO on the Schoology side.

Moodle

SSO to Moodle allows your constituents (for example, students and faculty) to seamlessly click through to Moodle from within your school's portal pages. Constituents use their (Finalsite) username and password to access Moodle. Moodle SSO requires adding and configuring a Finalsite-specific extension ('block') to your Moodle deployment. It also requires that you share the same usernames between Finalsite and Moodle, as the username is used as the common piece of data to uniquely identify a user. The SSO process itself uses a secure cryptographic hash to execute the single sign-on. This plugin has been tested on Moodle 1.9.11, 2.0.3 and 2.1.1. It may or may not work with other versions of Moodle or versions of PHP older than version 5.1.2.

Catertrax

Finalsite now offers a single sign-on option with CaterTrax.  This SSO option uses SAML and requires that the client understand that users will now access CaterTrax exclusively through Finalsite's SSO link.

This SSO can be configured with a default landing page and a default log out page, as well as provisioning options set in CaterTrax.

MySchool

Finalsite offers a SAML based SSO with MySchool.

CHQ

Finalsite offers an SSO with CHQ.  There will need to be a shared datapoint between Finalsite and CHQ for this to work as expected.

Naviance

Finalsite supports a Student SSO into Naviance.   Naviance does not offer Parent or Faculty options.  It is recommended that the client setup the accounts in Naviance utilizing the Finalsite ImportID.  We can support a different datapoint, but it may complicate configuration.

PCR

Finalsite offers a Single Sign on into PCR for clients who are also using the PCR data integration.

Vidigami

Finalsite offers an SSO option for Vidigami.  It's simple to setup and allows for passing from Finalsite into Vidigami without a second set of credentials.  It is important that the primary email in Finalsite match the email in Vidigami (case-sensitive)

People Grove

Finalsite offers a SAML SSO option with PeopleGrove to facilitate a passthrough from Finalsite into PeopleGrove.

World Book

A simple SSO to World Book can be configured on your site to allow portal users to pass from Finalsite to World Book without being challenged for credentials.

Pick a Time

Finalsite offers an SSO with Pick a Timethat will allow users to pass from Finalsite into Pick a Time without being challenged for credentials.  Your deployment expert will work with you to ensure that the data is setup properly for the SSO to function.  This requires pickAtime userID to match a Finalsite importID.

Zendesk

Finalsite now offers a single sign-on with ZenDesk.  This will allow users to pass from a Finalsite portal into ZenDesk without a second request for authentication.

PTC Wizard

Finalsite now offers a SSO with PTC Wizard.  This can be used to pass from FS to PTC Wizard without a second challenge for credentials.  There may need to be some data work to ensure the SSO works as expected.

Rediker Plus Portals

Finalsite offers Student, Parent, and Faculty SSO into Rediker's PlusPortals for clients also using the Rediker data integration.  Note that this requires dual role faculty/parents to have the same email on both accounts in Rediker to see parent and faculty info in a single SSO passthrough.

Was this article helpful?
2 out of 2 found this helpful

Comments

0 comments

Please Sign in to leave a comment if you don't see the comment box below.