Attention: Migrate Users To Blackbaud ID 8294

Attention: Migrate Users To Blackbaud ID


We have an important update for you about Blackbaud ID. You’ve likely heard the news. Keep reading for tips and details.

The last day users can log in with legacy usernames and passwords is July 25, 2022. On July 26, all users must log in with Blackbaud ID.

Platform managers can migrate users to Blackbaud ID via the links on the Core home dashboard. They can also export user lists for use in mail merges and other communications.

Blackbaud ID enables each user at your school to access your Blackbaud products and services – such as Education Management, Raiser’s Edge NXT, Tuition Management, the user community, and more – with a single account. Additional benefits include:
  • Blackbaud ID is a platform capability that exclusively focuses on authentication and staying current with the ever-evolving security landscape. By transitioning to Blackbaud ID, your data is secured behind stronger authentication standards, and the BBEM development team can focus on other mission-driven initiatives to better serve you.
  • Blackbaud ID enables you to securely sign in to the Blackbaud solutions ecosystem. By default, it uses Blackbaud or Google's secure authentication service, but organizations can also enable single sign-on (SSO) to sign in through their identity providers and manage the users in their claimed domains.
  • Blackbaud ID provides enhanced password protection and brute force protection on all login attempts.
  • Blackbaud ID enables you to enhance security with multi-factor authentication through text messages or mobile authenticators.
  • Blackbaud ID provides secure access to multiple Blackbaud solutions and Support resources.
  • Blackbaud ID enables social authentication through Google, which uses Google's authentication requirements, password resets, and other support needs.
What do I need to do?
  1. Set up Single Sign-on (SSO) (recommended).
    1. If you have SSO set up in Core but not in the Admin Console, you will need to establish a new SSO connection directly within Admin Console for your BBID accounts.
  2. Customize your BBID login page branding.
  3. Customize your BBID invitation notification under Core > Communication > Notifications > User Management category - “Blackbaud ID Invite.”
  4. Invite users to log in using BBID.
How do I know if I need to establish a new SSO connection?
  1. If faculty and students at your organization are signing in with their school email address and being redirected to a non-Blackbaud page to authenticate with your Identity Provider, then your users are signing in with SSO.
  2. If everyone at your organization signs in by entering a username and password on the or website, and if you are able to reset the username and password for those users from their Core profile, then SSO is currently not enabled.
  3. Blackbaud recommends establishing a SSO connection between Blackbaud ID and your Identity Provider (often Google or Microsoft). An SSO connection improves your organization’s security posture by reducing the number of accounts an individual needs to manage.
What is changing?
  • School admins will no longer be able to reset a username or password for users who are not on SSO with your identity provider. Users can recover their own accounts with a first-class experience – as long as they have access to their email. However, Blackbaud provides detailed instructions to help an administrator walk a user through the process.
  • You have the option to customize the summary and login help link text on the BBID login page.
What isn’t changing in July?
  • All schools who have an SSO connection will continue to manage those users directly with the Identity Provider.
  • Upon login, users will automatically be redirected to their landing page in BBEM
  • Minimum password strength
  • Existing customizable login help text in BBEM
Do parents, board members, and alumni need to be on my Identity Provider and SSO?
  • No! The vast majority of schools do not give their parents school email addresses. Technically, none of your users have to be on SSO; they can register any valid email address with BBID as long as they own and can access the account.
Upcoming enhancements for Blackbaud ID in Blackbaud Education Management:
  • By late April, you’ll be able to opt into the BBID requirement ahead of time. On the Blackbaud ID authentication page in Core, simply select the "Enforce Blackbaud ID authentication” button to disable legacy authentication. We recommend doing this to ensure all constituents become familiar with the new login before the rush of back-to-school logins at the end of the summer.
  • By May, if you opt into the BBID requirement, you will also be able to offer a self-registration workflow for your non-SSO users. That means they will be able to log in with their legacy username and password and be directed through a BBID registration process.
  • Watch the weekly release letters for more information.
Webinars: User Community:
Many schools have already made the transition. Check out these discussions for tips directly from your peers at other schools, including sample communications. Additional documentation:
News Blackbaud K-12 Solutions™ Blog 04/07/2022 9:03am EDT

Leave a Comment


As we near the deadline for adoption, we are finding it cumbersome to repeatedly pull reports to get a sense of our adoption rate among parents. After speaking with support, I've learned the adoption rate graph on the Core homepage is based on invites, not the number of constituents who have responded to our invitation. To say those percentages are “adoption rates” is misleading because it does not actually reflect the rates of those who have adopted BBID. Instead, those percentages just tell us if we have invited everyone (or not). That second data point is by far less helpful than indicating to us where we need to focus our re-invitation efforts- either through crafting additional communications or determining a plan to manually re-invite parents.

I know this might be late in the game considering the deadline is in a few weeks, but it would be especially helpful to have this at-a-glance information as we scramble to get those remaining parents on board.

Users who are “invited” are “awaiting response” and thus will not be locked out on September 27. They'll simply need to accept the invitation and convert to Blackbaud ID. Users who haven't been invited yet, risk being locked out until they are invited and converted.

Instead of pulling reports, use the “SKY” list. As a platform manager, go to Core, Security, Blackbaud ID authentication. There are tabs for each status: Registered, Awaiting response, and Unregistered. You can invite users from there, resend invites, filter, export, etc. You shouldn't need to go to Core > Reporting to get the information.

We moved our parents over earlier this month (we already had students and employees with BBID)… however we have a parent in China that isn't receiving the Blackbaud emails (Great Firewall is the likely culprit) and so the only way they can log in is by going back to the legacy method. Can there please be exceptions to the requirement so that parents don't lose access?

What happens when BBID goes down? We would need to be able to access emergency contact information and medical information in the event of an emergency.

Hi Stephen.

I understand your concerns and frustration about what to do if BBID is down. Blackbaud will do everything possible to maximize data security and student safety.

I've found this user community to be a great resource for learning more about how various schools handle (un)expected issues. It's interesting how each school has unique needs and resources that must be included in their policies and procedures.

What is your school's plan if other vital services (utilities, vendors, internet) are down? What if the power to your part of town is down and your internet service goes down with it? What if the tier 2 fiber line (that provides service to “final/last mile” providers like Comcast, AT&T, etc.) goes down?

Without power, the internet may be inaccessible (no wifi) or very slow (overwhelmed cell towers). Without internet, you can't use BBID. Without the internet, you can't login to Education Management.

The user community is a great place to discuss emergency preparations and contingency plans like these.

When I was a school teacher and we chaperoned field trips, some of those field trips were to places without reliable internet access. To prepare, I had a printed roster on my person during the trips, and it included vital information about my students. When I returned from the field trip, I returned the printed roster to a secure location or destroyed it (I'd get a new one before the next trip).

Your school might determine that the school nurse should have printed medical cards like that from Education Management. If so, be sure to store them in compliance with HIPAA. That could be locked in a fire safe in the admin's office or perhaps locked in a file cabinet in the nurse's office. Your school's legal counsel can provide additional guidance about proper storage of critical documents and your school's responsibilities for emergency preparations.

My spouse and I are moving to a new city later this year. One of the items on our to do list is to empty the safety deposit box in our current city and move the contents to a safety deposit box in our new city. The contents of our box includes paper media, plus some digital media on portable devices (USB drive, SD cards, etc.). Some of the contents in the safety deposit box are also available to us in the cloud, but we like to keep a fairly recent copy at the bank's vault as backup.

When I enrolled my child in daycare, the daycare collected emergency contact and medical information for my child. The daycare also collected a copy of that same information to send to the state, as required by law. In the event of an emergency, the daycare can contact me and my child's medical providers. Likewise the state can contact me and my child's medical providers. As an anxious new mother, I hope neither one ever needs to use the information, but I'm glad it's there.

I think my weirdest internet outage locally happened in heavy rains when a snake attempted to flee rising waters by crawling into a transformer of some sort. The entire island lost power; the poor snake was literally toasted.

Another time, a lightening strike literally melted the internet cables to my entire neighborhood complex, including a cable buried under ground (where the cable was safe from falling trees). My ISP had to dig up the line and install all new ones.

When I was a virtual teacher working remotely, ongoing road construction near me accidentally cut my connection cables three different times in one week, in the middle of live webcam based lessons, before construction crews moved the lines to a safer location. I remember being very angry and frustrated about the repeated outages.

Ideally, all services, including BBID, will remain fully “up” all the time. Unfortunately, unexpected things do occasionally happen. When they happen, we fix them and review the incident to reduce future risks.

I'll continue to follow these conversations so that I can include best practices for emergencies and more in our help documentation.

Thank you,

Bryna Gleich

Hi Bryna, I saw the post from the PM but unfortunately their reply seems to indicate that data security is more important than student safety and that looking into a solution that accomplishes both goals isn't important. Hopefully Blackbaud will look at this again from more of a proactive standpoint rather than a reactive standpoint.

Hi Stephen. One of our PMs has posted a reply to the idea you've linked. View the idea and reply at