Single Sign On (SSO) button allows login with non-domain email?
When a user clicks the SSO button at login but isn't using an email address with our registered domain, it still allows them to log in. In the case I tested, it was a Gmail address. After entering the email and click the SSO button, I'm brought to Google login and get in without issue.
I'm wondering if the system is actually checking the domain and automatically redirects as a feature (maybe I'm forgetting where that was mentioned in initial setup), or if there's an actual error letting non-domain emails through. We use Google Workspace for our SSO, and have a our claimed domain in Admin > Security > Authentication > Manage SSO settings > Claimed Domains.
#BBID #sso #singlesignon
Comments
-
@Daniel Wallach hi there! The SSO button is designed to help users who start on a non-myschoolapp page. If your users first enter their email at yourschool.myschoolapp.com, they're automatically redirected to a recognized domain IdP or to the appropriate alternative, based on what BBID knows about the email address.
If, however, someone happens to land on the page with the 4 authentication method buttons and select SSO, the login page will either A) recognize the claimed email domain and route them to that IdP or
route them to sign in/up with Google, Apple, or email.Sign in/up workflows were designed with the least technically savvy users in mind
1 -
@Daniel Wallach similarly, if somebody tries to sign up through the email/Google route but they're on a claimed domain, they'll be routed through the SSO. Same song, different verse.
1 -
@Jessi Walters
Thanks! Couldn't find confirmation of what happens when clicking SSO with a non-domain email in the KB, whether an error message or redirect to appropriate authentication method. It does happen occasionally that people land on the page with authentication mentiod choices.With your clarification and testing I did with a demo account using a non-domain email, I now know what's happening on the user end and know my answers to them are reliable ?
0
Categories
- All Categories
- 6 Blackbaud Community Help
- 209 bbcon®
- 1.4K Blackbaud Altru®
- 394 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 15 donorCentrics®
- 359 Blackbaud eTapestry®
- 2.5K Blackbaud Financial Edge NXT®
- 646 Blackbaud Grantmaking™
- 563 Blackbaud Education Management Solutions for Higher Education
- 3.2K Blackbaud Education Management Solutions for K-12 Schools
- 934 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 84 JustGiving® from Blackbaud®
- 6.4K Blackbaud Raiser's Edge NXT®
- 3.7K SKY Developer
- 243 ResearchPoint™
- 118 Blackbaud Tuition Management™
- 165 Organizational Best Practices
- 238 The Tap (Just for Fun)
- 33 Blackbaud Community Challenges
- 28 PowerUp Challenges
- 3 (Open) Raiser's Edge NXT PowerUp Challenge: Product Update Briefing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports+
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Email Marketing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Event Management
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Query
- 779 Community News
- 2.9K Jobs Board
- 53 Blackbaud SKY® Reporting Announcements
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)