Google G Suite as Native API Connector: Single Sign On (SSO) for Blackbaud ID
Previously, we recommended using the generic SAML 2.0 to connect your Blackbaud solutions to Google G Suite as your Identity provider.
Based on your feedback, we released a native connector via Google’s API to improve the user experience. We now recommend this native connector for schools that use Google G Suite as your identity provider.
-
To make the switch, from your Core home dashboard, under Admin console, select Authentication to view your school's Admin console for your Blackbaud solutions. Then follow these instructions.
-
To set up the native connector, from your Core home dashboard, under Admin console, select Authentication to view your school's Admin console for your Blackbaud solutions. Then follow these instructions.
If you are switching from the generic SAML 2.0 to the native/API connector consider:
-
If a user has more than one Google account (such as personal and business), or if multiple users share a computer and log into Google (students share a classroom or family computer), the Blackbaud login experience will prompt the user to choose the right Google account to continue for authentication. This prevents multi-account collisions and 403 errors.
-
The steps to configure the Google G Suite connector are simpler than the SAML 2.0 configuration.
-
You'll register Blackbaud applications (such as Education Management) in the Google apps drop down in a different way (with additional steps).
-
Before you replace an existing SAML 2.0 connection with the new Google G Suite connector, if you depend on the Google app experience, be sure you review documentation from Google about how to add an application from the Google G Suite Marketplace to an entire domain or individual Google G Suite accounts.
Since each school brands the Education Management solution as their ‘own," this must be completed by the Google Admin at your school instead of Blackbaud Customer Support. Blackbaud Customer Support can't access your configuration in your Google G Suite Admin console to assist with this.
-
We recommend you make this switch when it is convenient for you. Keep in mind that when you take down one SSO connector (SAML 2.0) all your school's Blackbaud ID users will receive an email. They'll receive another email when you set up the new connector (Google G Suite). Then, you should remove the previous SAML 2.0 app from the users' Google apps launcher. Although you'll need to alert users about a planned maintenance time for your school to switch from SAML 2.0 to Google G Suite Connector, the configuration should not affect users' login experience.
Note: You are not required to switch your Blackbaud ID SSO connection from SAML 2.0 to this Google G Suite Connector--especially if your users have not experienced interruptions in their login experiences.
For information specific to Google, review the following.
-
The Google G Suite Marketplace is integrated with the Google G Suite Admin console, so that domain administrators can quickly find, install, and authorize apps for some or all of their users.
-
You must list your Blackbaud Education Management solution as an app in the Marketplace for your domain only (Google approval is not required) with your application banner, an icon, and the Universal Navigation Extension. The Universal Navigation Extension places a menu item for your app in the universal navigation bar, shown at the top of the page in each Google app. You must include a URL in the field that appears to {yourschool}.myschoolapp.com/app#login
Tip: To interact with your peers at other schools who have completed or who are working through this step, visit the Blackbaud User Community online.
Tip: Some authentication settings are not accessible while impersonating. To set up authentication for your school, log in as the platform manager who has organization admin rights instead of impersonating one.