This article explains Finalsite's connected single sign-on (SSO) login experience, including how to enroll in and use multi-factor authentication (MFA) and how sessions and timeouts work when switching between Finalsite products.
💡Quick answers
- What does the connected SSO experience change about logging in? It rolls out single sign-on across Finalsite products, adds multi-factor authentication, and lets users log in through a supported identity provider like Google or Facebook instead of a separate password for each tool.
- Choosing a login method on the new screen? Users can enter an email and password, or select an identity provider such as Google, Facebook, Apple, or SAML, with more providers planned.
- What happens after three failed login attempts? The user is redirected to the Forgot password page, and a reset link is sent to their registered email address.
- How is multi-factor authentication set up the first time? Steps: enter primary credentials, choose a method of authentication (email or an authenticator app), then enter the one-time code to complete enrollment.
- Locking out after repeated failed MFA attempts? Three incorrect attempts locks the account for 10 minutes; a second lockout in a row requires contacting Finalsite Support to regain access.
- Can users switch between Finalsite products without logging in again? Yes; once authenticated, the session stays active across products, so no additional credentials are needed while switching.
Single sign-on is here!
A connected SSO experience is now rolling out to all Finalsite clients!
This major upgrade includes:
- enhanced security with multi-factor authentication
- support for popular identity providers (IdPs) like Google or Facebook
- a modern, consistent login experience across all Finalsite products
When enabled, you and your families will automatically be logged out of your Finalsite products. Upon return, you'll see a newly designed login page.
Wondering which login experience you currently have?Â
If you see this login screen, you have been upgraded to the connect SSO experience:Â
Finalsite’s new login experience is built to boost security, simplify authentication, and create a seamless gateway across products. Whether you're logging in for the first time or switching between tools, learn more about how to manage the features in this newer login experience in the article, "Log in to Finalsite: The connected SSO experience."Â
If you are a Finalsite client that has not yet been moved over to the universal, connected SSO screen, you may still see this legacy log in experience:Â
To learn more about how to manage the legacy login features, check out the article, "Log in to Finalsite: The legacy login experience."
How do I get started with the new connected SSO experience?
Our goal is for all users to eventually transition to a Unified SSO experience to provide a single, seamless login across all Finalsite products.
No action is required now: We are rolling out SSO in waves. You will be informed with a notification and we will reach out if any additional action is needed.
Stay informed: We will provide full documentation and support throughout the transition process.
In this article
- Wondering which login experience you have?Â
- Log in to your account
- Use multi-factor authentication (MFA)Â
- Switch between products seamlessly
- Manage your post-login experience
The benefits of this experience include:
- One sign-in for multiple tools
- Fewer credentials to manage
- Stronger authentication with supported Identity Providers (IDPs)
- Configurable security and timeout settings
During onboarding, configurations will be completed with your selected identity provider. Once activated, your users will log in via their chosen IDP. The session is protected and monitored, with automatic timeouts after inactivity.Â
Log in to your account
Here is a general overview of how users log in, regardless of which product they start with.
Navigate to the login screen
- Returning users: Log in using credentials or displaying IDP option.
- New users: Create an account directly from the login page.
- Parents and admins: Will be prompted to verify their email.
- Admins: Will no longer receive a system generated password.
Choose login method
Users will be guided to login or create a new account with one of the following options:
- Email / username + password
- Selected IDP: Google, Facebook, Apple, SAML, and more coming soon.
Log in using your Email/username and password
- Enter email and password.
- If email/username and password are valid, you will land on the dashboard.Â
- Max 3 attempts allowed.
Log in using your Identity Provider (IDP)
- Users will click their preferred IDP.
- In the opened login window, users can then authenticate by entering credentials.
Troubleshoot login attempts
Users may need to manage failed login attempts or forgotten credentials. Here are a few specifics on this step:Â
- Three failed attempts redirects user to the Forgot password page.
- Send reset link is sent to registered email.
- User clicks link to go to the Reset password page.
- After password reset, user is redirected back to the login page.
Use multi-factor authentication (MFA)Â
Multi-factor authentication (MFA) provides an extra layer of security beyond just a username and password. This process ensures that only the authorized user can access the account, even if their password is compromised.
Here are the typical steps a user goes through when enrolling in and using MFA (often prompted during initial sign-in or via their Identity Provider):
Log in and enroll with MFA (first login)
This is a one-time process to link a second verification method to your account.
- Enter primary credentials (Email/password or IdP).
- A setup screen prompts you for the second security layer.
- Select your Method of authentication (Email or Authenticator app).
Method of authentication: Email
- Enter an email address and click Send code. This code works only once.Â
- Enter the one-time code from your email into the Verification code field.Â
- Click Enable.
Method of authentication: Authenticator app
- Scan the QR code.
- Obtain a one-time code from your authenticator app and enter into the Verification code field.
- Click Enable.
- The system saves your device as trusted, completing enrollment and granting access.
Account lockout warning
If you enter incorrect credentials three times, your account will be locked for 10 minutes for security purposes. If you are locked out two times in a row, you must contact Finalsite Support to regain access.
Use MFA on a daily basis (subsequent logins)
After enrollment, daily login requires one extra step for authentication.
- Enter your username and password or select your IdP login method.
- A verification screen immediately prompts for your MFA code.
- Select your Method of authentication (Email or Authenticator app).
- Input the time-sensitive One-Time Code (OTC) from your chosen method.
- The session is authenticated, granting secured access to the platform.
Switch between products seamlessly
Once you are logged in, you can switch products and remain logged in. Your session stays active, so there's no need to re-enter credentials as you navigate between Finalsite products.Â
Manage your post-login experience
- Upon successful login, a user session is created.
- User gains access to the platform.
- User is seamlessly connected to other Finalsite products which have been configured with SSO.
- After 60 minutes of inactivity:
- Session is terminated
- User is redirected to the login page
- Display message confirms termination of session
Comments
Please Sign in to leave a comment if you don't see the comment box below.