Google Authentication allows site users and admins to login to your website using their Google username and password.
This article describes how Google Authentication works for users, and what’s required before a site can convert to using Google logins.
As of Spring 2018, all admin user logins to Finalsite websites are “staggered,” meaning that the username and password fields are on separate screens rather than having both fields displayed together and submitted with a single “log in” button.
In order to use Google Authentication, this staggered login process must be activated for all users, admins and portal users alike.
For Google Authentication users:
After submitting their Google username, Composer will redirect to the Google login form and prompt the user for their password. The user enters their Google password and is automatically redirected back to the site, where they’re logged in.
If the user has more than one Google account, they will be able to select which account they want to use to login to the website.
For other authentications:
After submitting their website username, Composer displays a password field and prompts the user for their password. The user enters their website password and is logged into the site.
Requirements and Caveats
There are several requirements that websites must meet before Google Authentication can be activated:
- The school must be using Composer; Google Authentication is not compatible with Page Manager.
- All users in admin groups or roles set to Google Authentication must have a corresponding Google account.
- We also recommend having the Finalsite Username match the email address associated with the corresponding user's Google account to avoid any user confusion in the login process from having disparate usernames.
- Users' Primary Email Address needs to match the email address associated with the corresponding user's Google account.
- Fallback authentications (to allow Google-authenticated roles to use Finalsite authentication if Google is unavailable for some reason) are not currently available.
- Some SIS integrations or SSO options may conflict with Google Authentication:
- For Veracross, Senior Systems, Blackbaud On, or Renweb, users MUST login using the SIS authentication in order for SSO links to work. Using Google to authenticate into Finalsite then trying to access one of these systems via an SSO will not work. (This may not affect site admins as much as it does portal users).
- It’s recommended that SSOs be configured to use the same username values as the Google authentication, whenever possible.
- If a user's Google Account utilizes Two Factor Authentication (2FA), this will need to be configured for their account prior to using the authentication in Finalsite. In other words, the 2FA method must be set up already, it can't be configured during or after the Finalsite login process. This relates only to a user's setup of 2FA for their account; setting up 2FA requirements on the domain level should not impact the authentication with Finalsite.
- Third-party authentication logs you into both Finalsite and Google. This means you must log out of both, if accessing on a public computer.
We recommend that any roles authenticating via Google have the ability to self-update passwords disabled in Constituent Manager > Roles > Settings.