Blackbaud On Integration: Authentication

Schools with Blackbaud On integrations can allow users to login to the website using their existing On usernames and passwords.

When Blackbaud Authentication is activated, users will follow this login process:

  • User goes to the Finalsite login page, as usual
  • On the login page, there is a link directing users to "Login with On"
  • When a user hits this link:
    • IF THEY ARE LOGGED INTO BLACKBAUD ON ALREADY, they will be immediately authenticated in Finalsite and land on the appropriate portal
    • IF THEY ARE NOT LOGGED INTO BLACKBAUD ON ALREADY, they will be redirected to the On login page where they can enter their credentials.  If the credentials are valid, they will be redirected back to Finalsite and land on the appropriate portal.
  • Once logged into Finalsite this way, the user is authenticated in both systems. This means that users who click links from the Finalsite portal to protected areas of On would land on the appropriate page, without having to login again. 

Staggered Logins

Composer sites can be set to use a “Staggered” login, which splits up the username and password entry for users:

  • User goes to the Finalsite login page, as usual
  • User is prompted for their username, enters and submits it
  • Our system detects this user is authenticated via On (per the role settings on the authentication) and:
    • IF THEY ARE LOGGED INTO BLACKBAUD ON ALREADY, they will be immediately authenticated in Finalsite and land on the appropriate portal
    • IF THEY ARE NOT LOGGED INTO BLACKBAUD ON ALREADY, they will be redirected to the On login page where they can enter their credentials.  If the credentials are valid, they will be redirected back to Finalsite and land on the appropriate portal.
  • Once logged into Finalsite this way, the user is authenticated in both systems. This means that users who click links from the Finalsite portal to protected areas of On would land on the appropriate page, without having to login again. 

It is important to note that when using staggered logins, ALL users in the roles that login via On will need to have their own On account.  Users in these roles who ONLY have Finalsite accounts (and not On accounts) will not be able to login.

The setup for this is documented by Blackbaud here: https://docs.blackbaud.com/on-api-docs/tutorials/jwt-sso . Your deployment specialist will provide you with more detailed steps if you are configuring authentication via On.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please Sign in to leave a comment if you don't see the comment box below.