What is Single Sign On (SSO)?
SSO allows schools to use their existing identity management solution for users to authenticate and sign into GiveCampus.
GiveCampus utilizes the SAML protocol to support SSO.
Who can leverage SSO on GiveCampus?
To understand if you can leverage Single Sign On on GiveCampus, you’ll need to answer two questions.
- Is SSO part of my GiveCampus Plan?
GiveCampus partners who have purchased the GiveCampus Advanced Platform Plan, or have bought SSO as an add-on to their VMS agreement can leverage SSO. - Who should be able to sign in using SSO?
You can decide to enable SSO for your Volunteers within GC Volunteer Management or for Administrators platform wide. Note: Enabling SSO for Volunteers in the VMS does not impact the advocate login experience.
Interested in adding SSO to your GiveCampus Platform Plan? Reach out to your partner success manager.
How to Enable SSO:
GiveCampus utilizes the SAML protocol to support SSO. Enabling SSO is a two step process that will likely require collaboration with your IT department. Once the required identity provider information has been provided, single sign-on should begin working immediately on your GiveCampus branded login page. Please email support@givecampus.com if you have any questions.
Step 1: Import GiveCampus SAML into your existing identity management solution.
Please refer to https://www.givecampus.com/auth/saml/metadata?uuid=SCHOOLNAME for the GiveCampus SAML metadata that will need to be imported into your existing identity management solution.
Step 2: Add metadata from your existing identity management solution into GiveCampus.
To enter this information, visit your School Dashboard > Settings > Authentication. This page will also let you configure which login options are presented to volunteers and administrators on your branded GiveCampus login page. Metadata requirements are described in detail below.
Required Fields:
- Admin Login Button Text * This is the text for the button that administrators will click on your branded GiveCampus login page to initiate the single sign-on process.
- Volunteer Login Button Text * This is the text for the button that volunteers will click on your branded GiveCampus login page to initiate the single sign-on process.
- Name (of SSO solution) * This is the name you use to refer to your existing identity management solution (e.g., “Shibboleth”).
- IDP Metadata Endpoint * This is a URL hosted within your school’s internal IT infrastructure that provides metadata about your institution’s existing identity management solution.
- UUID * When GiveCampus receives a successful SAML login response back from a partner institution, we use this UUID field in order to pair the user with the correct identity provider within our system.
- IDP Entity * We recommend setting this field to https://www.givecampus.com
- Single Sign-on URL * This is the URL within your internal IT infrastructure that GiveCampus will redirect your volunteers and administrators to when they click the login button on your branded GiveCampus login page.
- Name Identifier Format * This is the format for the user’s name and email address in the SAML response you send back to GiveCampus after a successful login attempt. We recommend using the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress format, but have provided the configuration option on the off-chance your team needs to override it.
- Certificate (in PEM format) * This is a public key provided by your institution in order to facilitate secure authentication communication between both parties.
- Single Logout URL When logging out of GiveCampus, this URL gets triggered behind-the-scenes in order to end the user’s session within your institution’s existing identity management solution.
IDP Specific Configurations
Microsoft Entra ID
