What is Single Sign On (SSO)?
SSO allows schools to use their existing identity management solution for users to authenticate and sign into GiveCampus.
GiveCampus utilizes the SAML protocol to support SSO.
Who can leverage SSO on GiveCampus?
To understand if you can leverage Single Sign On on GiveCampus, you’ll need to answer two questions.
-
Is SSO part of my GiveCampus Plan?
Reach out to your Partner Success Manager to see if SSO is part of your plan!
-
Who should be able to sign in using SSO?
You can decide to enable SSO for your Volunteers within GC Volunteer Management or for Administrators platform wide. Note: Enabling SSO for Volunteers in the VMS does not impact the advocate login experience.
Interested in adding SSO to your GiveCampus Platform Plan? Reach out to your partner success manager.
How to Enable SSO:
GiveCampus utilizes the SAML protocol to support SSO. Enabling SSO is a two step process that will likely require collaboration with your IT department. Once the required identity provider information has been provided, single sign-on should begin working immediately on your GiveCampus branded login page. Please email support@givecampus.com if you have any questions.
Step 1: Import GiveCampus SAML into your existing identity management solution.
Please refer to https://www.givecampus.com/auth/saml/metadata?uuid=SCHOOLNAME for the GiveCampus SAML metadata that will need to be imported into your existing identity management solution.
FAQ — What is the "UUID" in the metadata URL and where do I find it?
Q: The metadata URL uses a value called "UUID" (for example: https://www.givecampus.com/auth/saml/metadata?uuid=YOUR_UUID). What is that value and where do I find it?
A: The UUID in the metadata URL is the exact value in the UUID field on your Authentication Settings page. It is not your school's display name. Use the value shown (character-for-character) when replacing YOUR_UUID in the metadata URL.
How to find the UUID in the GiveCampus admin UI
- Open the Authentication Settings page: Home > Settings > Authentication Settings.
- Alternatively, access it directly at
https://www.givecampus.com/schools/[school_name]/dashboard/authentication_settings(replace[school_name]with your school's URL slug). - Scroll to the SAML Identity Provider section and locate the UUID field.
Quick notes and gotchas
- The UUID is often set to your school's URL slug (for example,
exampleschool), but always use the value shown in the UUID field. - Import the metadata URL as:
https://www.givecampus.com/auth/saml/metadata?uuid=YOUR_UUID, substituting YOUR_UUID with the exact value from the Authentication Settings page. - If your school shares an identity provider with another institution, the SAML Identity Provider section may display an informational message instead of editable fields.
- A message such as, "SAML Identity Provider is linked to your institution through [school name]..." indicates that your UUID cannot be edited directly. In this case, contact your GiveCampus representative for assistance.
If you can't find the Authentication Settings page
The Authentication Settings page appears only when SSO is enabled for your account. If the page is missing or the direct URL redirects, please refer to the Why the Authentication page might be missing section above. Once access is available, return to Home > Settings > Authentication Settings to locate the UUID field.
Step 2: Add metadata from your existing identity management solution into GiveCampus.
To enter this information, visit your School Dashboard > Settings > Authentication. This page will also let you configure which login options are presented to volunteers and administrators on your branded GiveCampus login page. Metadata requirements are described in detail below.
Enabling the "SSO Required for Admins" setting
Once your SSO configuration is complete and tested, you can require all administrators to sign in using SAML.
How to enable the setting
-
Navigate to Authentication Settings
- Go to School Dashboard > Settings > Authentication Settings.
- Scroll to the SAML Authentication section.
-
Enable the requirement
- Check the box labeled "Require Administrators to sign in with SAML".
- Save your settings.
-
Verify the change
- Test the administrator sign-in at:
https://www.givecampus.com/schools/[school_name]/admin/login. - Confirm that administrators are redirected to your SSO provider.
- Test the administrator sign-in at:
Pre-enablement checklist
Before enabling this setting, ensure that:
- SSO is included in your GiveCampus plan (see the "Who can leverage SSO on GiveCampus?" section above).
- Your SSO configuration has been fully tested with a successful SAML round-trip and valid SAML attributes and certificate.
- Administrator accounts are registered with the exact email addresses sent by your identity provider (see the "New administrators: complete registration before using SSO" section).
- Your IdP configuration is verified, including email/name identifier format, certificate validity, and Single Logout URL behavior.
After enabling
Once enabled, administrators must authenticate through your institution’s SSO provider. If issues arise, then:
- Confirm that the email address in GiveCampus matches the one provided by your IdP.
- Check that administrator permissions are active.
- Refer to the troubleshooting guidance in the "Troubleshooting SSO error messages" section above.
Required Fields:
- Admin Login Button Text: This is the text for the button that administrators will click on your branded GiveCampus login page to initiate the single sign-on process. ("Log in with SSO" is used in the screenshot below in the 'Login Options' section!)
- Volunteer Login Button Text: This is the text for the button that volunteers will click on your branded GiveCampus login page to initiate the single sign-on process.
- Name (of SSO solution): This is the name you use to refer to your existing identity management solution (e.g., “Shibboleth”).
- IDP Metadata Endpoint: This is a URL hosted within your school’s internal IT infrastructure that provides metadata about your institution’s existing identity management solution.
- UUID: When GiveCampus receives a successful SAML login response back from a partner institution, we use this UUID field in order to pair the user with the correct identity provider within our system.
- IDP Entity: We recommend setting this field to https://www.givecampus.com
- Single Sign-on URL: This is the URL within your internal IT infrastructure that GiveCampus will redirect your volunteers and administrators to when they click the login button on your branded GiveCampus login page.
- Name Identifier Format: This is the format for the user’s name and email address in the SAML response you send back to GiveCampus after a successful login attempt. We recommend using the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress format, but have provided the configuration option on the off-chance your team needs to override it.
- Certificate (in PEM format): This is a public key provided by your institution in order to facilitate secure authentication communication between both parties.
- Single Logout URL: When logging out of GiveCampus, this URL gets triggered behind-the-scenes in order to end the user’s session within your institution’s existing identity management solution.
Login Options
Once SSO is configured you can customize the login options your administrators will see. In order to login to SSO and see these configuration options, admins will need to visit your admin login page at https://www.givecampus.com/schools/[school_name]/admin/login.
The below options will allows you to enable or disable each of these items on your login page:
IDP Specific Configurations
Microsoft Entra ID
To connect Microsoft Entra (and most other SSO providers) you'll need to modify a 'Claim Name' in your Microsoft settings. Please update the 'Claim Name' for the 'Value' "user.mail" to "email".
Matching your settings to these screenshots should ensure a successful connection.


SSO Configuration Access
Accessing Single Sign-On Settings
To configure Single Sign-On (SSO) for your GiveCampus instance:
Direct URL access:
If you don't see the Authentication section in your School Dashboard, try accessing it directly:
https://www.givecampus.com/schools/[YourSchoolName]/dashboard/authentication_settings
Why the Authentication page might be missing
If you don’t see the Authentication section under School Dashboard > Settings (or the direct URL returns an error or redirects you away), that visibility is controlled by a feature flag called school_level_saml_authentication. When that feature flag is not enabled for your school, the Authentication section will not appear in School Dashboard > Settings.
Only GiveCampus support can enable the school_level_saml_authentication feature flag for your account. If the flag is not enabled, you will not be able to reach the Authentication settings from the dashboard UI or by visiting the direct URL.
What to do next
- Confirm SSO is included in your GiveCampus plan by checking with your Partner Success Manager. SSO must be part of your plan before the flag should be enabled.
- Request that GiveCampus enable the school_level_saml_authentication feature flag by emailing support@givecampus.com. When you contact support, include:
- Your school name and your school slug (the value used in your GiveCampus URLs)
- The email address(es) of the administrator(s) who need access
- Whether you intend to enable SSO for Administrators, Volunteers, or both
- Any partner or onboarding contact you’ve been working with (Partner Success Manager)
- After GiveCampus support confirms the feature flag has been enabled, refresh your School Dashboard and open School Dashboard > Settings > Authentication to continue SSO configuration. If the Authentication page still does not appear, confirm that the administrator account trying to view it has the necessary administrative permissions (see the article’s permissions checklist).
Quick troubleshooting notes and gotchas
- If the direct URL returns a “not found” or redirects, that is a strong indicator the school_level_saml_authentication flag is not enabled for your account.
- Enabling the flag is an account-level change and may take a short time to propagate; wait a few minutes, then refresh the dashboard after support confirms the change.
- The article’s existing guidance about confirming administrative permissions and completing new‑admin registration still applies once the Authentication page becomes visible.
Adding the Authentication page to your admin navigation is a straightforward step once the feature flag is enabled—these instructions explain why you might not see it and exactly how to get it turned on.
Troubleshooting SSO error messages
Error messages during the SSO authentication process generally come from your school’s identity provider (IdP), not GiveCampus. This is common when you click the SSO login button and receive an error before being redirected back to GiveCampus.
Identifying the source of the error
- Error on the school's login page or IdP screen (before returning to GiveCampus): Contact your internal IT team.
- Successful IdP authentication but restricted access in GiveCampus: Verify that your GiveCampus administrator permissions are correctly configured.
Administrator provisioning checklist
- Account presence: Ensure that you’re using the same email from your IdP as the email address account on Zendesk. Some organizations use a specific email for SSO that is different than the vanity email you might share. You’ll need your GiveCampus account to match the SSO email address.
- Proper permissions: Confirm that the IdP role or entitlement mapped to GiveCampus is active and has not expired.
If you still can’t sign in
-
Confirm login options: Check if the standard email/password login is available at
https://www.givecampus.com/schools/[school_name]/admin/login. - Work with IT: Provide your IT team with a screenshot of the IdP error, the exact time (with time zone), and your email address so they can locate the failed sign‐in attempt.
Required permissions:
- SSO must be enabled for your GiveCampus plan
- Administrative access to your GiveCampus account
If the page still doesn't load:
- Verify SSO is included in your plan by contacting your Partner Success Manager
- Confirm your account has the necessary administrative permissions
New administrators: complete registration before using SSO
Even if SSO is enabled for your school, new administrators must complete registration via their invitation email before SSO can be used.
- Required registration: Registration must be completed to activate SSO.
- Use the invitation email: Click the registration link provided in your invitation email.
- Email must match: Register using the exact email address that was invited.
First-time setup steps
- Open the invitation email and click the registration link.
- Complete your GiveCampus account setup using the invited email address.
- After registering, visit
https://www.givecampus.com/schools/[school_name]/admin/loginand click your SSO login button.
Didn't receive the invitation email?
- An existing administrator can resend your invitation. Also check your spam folder.
Tip: If you can authenticate with your identity provider but cannot access the admin dashboard, it likely means your registration is incomplete.
Comments
0 comments
Article is closed for comments.