Introduction to Single Sign-On (SSO)

Single Sign-On (SSO) is a service that enables a user to use one set of authentication credentials (for example, an email address and password) to access different applications. Examples include GSuite login (“Log in with Google”) or social logins (“Log in with Facebook”).

Mentor Collective's platform supports Single Sign-On (SSO) integration for partner institutions, which allows participants to sign up and log in to their Mentor Collective account through their institution credentials (“Log in with your Bronco ID”). 

 

SSO Configurations 

SSO only needs to be set up once for your institution, and, once it’s set up, it can be enabled for any mentorship program(s) at your institution and configured to fit each program’s specific participant population. Not sure whether SSO has been set up for your institution? Contact your Mentor Collective representative.

Mentor Collective's platform has the capability to enable SSO for all user types (mentors, mentees, and program administrators). In addition, SSO can be enabled for specific user types, and exclude others, within a single program.

Example: You have a mentorship program that matches undergraduate student mentees with alumni mentors. SSO can be enabled for mentees and program administrators only - as alumni may no longer have access to their institution credentials. 

If your institution has multiple programs, SSO can be enabled for participants in one program without enabling it for participants in another program at the same institution. However, SSO is enabled for program administrators at the institution level. If there are multiple mentorship programs at a single institution, all program administrators will need to log in either through SSO (if they all have access to institutional credentials) or through a Mentor Collective account.

Benefits of SSO

Centralized Control Over Access

You can feel confident that only those within your institution can participate in the program and that program administrator accounts are managed centrally.

Centralized Control Over Security

Your institution can control the security policy and authentication protocol across third-party applications used by the institution, like Mentor Collective.

Streamlined User Experience

You and your program participants only have to remember one set of credentials that work across all systems at your institution - the library, Blackboard, Canvas, Mentor Collective, etc.

 

Is SSO Right for Your Institution / Program?

We generally recommend SSO for most programs, with a few exceptions. 

Technical & Practical Limitations

Based on your participant population, if no user types will have access to an institutional credential, then SSO is not a good fit for your program. However, if only some user types will have access to institutional credentials, we can enable SSO for just those user types (see the SSO Configurations section).

Additionally, various SSO protocols and standards are in use; Mentor Collective currently supports only the SAML (Security Assertion Markup Language) 2.0 standard. During the SSO setup process, your institution's IT contact will work with Mentor Collective Technical Support to confirm that setup for your program is technically possible.

Mentor Collective is a member of The InCommon Federation. See Mentor Collective's InCommon page for details. 

Additional Considerations

If your institution has partnered with Mentor Collective in the past, we strive to prevent duplicate accounts and maintain data integrity. Our platform uses a stable, unique identifier (e.g. Institutional ID, employee ID) as the primary "source of truth" for each user. When this method is used during user import, it drastically reduces duplicate accounts and provides a much more stable, long-term solution, even if a user's email address changes.

If you cannot provide the unique identifier, the system will use a legacy method of matching by email address. Please be aware that this legacy method carries the risk of creating duplicate accounts if the email addresses in your system and ours do not perfectly match.

When to Implement SSO

We encourage you to discuss SSO with your Mentor Collective representative as soon as you know this is an area of interest for you and your program. 

If a program has already started inviting participants, SSO cannot be retroactively enabled for that program cycle, as it would prevent participants who have signed up from accessing their account. 

However, it is never “too early” to implement SSO for future programs. In fact, in order to avoid any delays in future program launches, we recommend that SSO implementation begin immediately after you and your Mentor Collective representative determine it is the right fit for your program. 

Mentor Collective can begin the setup process as soon as you connect us with your IT department. At a minimum, the process will take 2 weeks for institutions new to Mentor Collective, and 6 weeks for institutions that have previously partnered with Mentor Collective.

If you are ready to implement SSO, review the SSO setup process. 

Once SSO is set up, it can be enabled for all future programs.

Participant Experience with SSO

If SSO is enabled for their participant type, mentors and mentees will be required to sign up and log in to their Participant Dashboard using their institution credentials.

Your program sign up / login page will look slightly different. It will include your institution's logo and institution credential name (“Log in with your Bronco ID”), if provided.

Because their credentials are controlled by the institution, the "Forgot password" feature on Mentor Collective's Dashboard will not work for participants’ accounts. If they forget their institutional password, they will need to use the institutional password reset process. 

Error Management:

If a participant receives an error when attempting to sign up or log in (and they know their credentials are correct), they may not be included in the access group for the Mentor Collective application, as determined by your institution's IT department. If this happens, we encourage you to reach out to your IT department for assistance and confirmation.

Separately, to protect data integrity, the system will raise an error and block a login if an incoming SSO attempt contains an email that points to one user and a unique identifier that points to a different user. This crucial guardrail prevents incorrect account merges. Participants can reach out to Partner Support (partnersupport@mentorcollective.org) in these cases.
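The matching rules described under Additional Considerations and the conflict guardrail above can be sketched as follows. This is an added example, not Mentor Collective's code: the names `Account`, `resolve_login` and `IdentityConflict`, the sample records, and the case-insensitive email comparison are all assumptions, and the email and unique identifier are assumed to come from an already-validated SAML response.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


class IdentityConflict(Exception):
    """Email and unique identifier resolve to two different accounts."""


@dataclass(frozen=True)
class Account:
    account_id: int
    email: str
    unique_id: Optional[str] = None  # e.g. institutional or employee ID


# Constructed sample records, not real data.
ACCOUNTS = [
    Account(1, "ana@example.edu", "E1001"),
    Account(2, "ben@example.edu", "E1002"),
    Account(3, "cy@example.edu"),  # imported without a unique identifier
]


def _norm(email: str) -> str:
    # Assumption: emails compare case-insensitively after trimming.
    return email.strip().lower()


def resolve_login(accounts, email: str, unique_id: Optional[str] = None
                  ) -> Tuple[Optional[Account], str]:
    """Map attributes from an already-validated SSO response to an account."""
    by_id = next((a for a in accounts if unique_id and a.unique_id == unique_id), None)
    by_email = next((a for a in accounts if _norm(a.email) == _norm(email)), None)

    # Guardrail: never merge when the two attributes name different users.
    if by_id and by_email and by_id.account_id != by_email.account_id:
        raise IdentityConflict(
            f"email -> account {by_email.account_id}, "
            f"unique_id -> account {by_id.account_id}")
    if by_id:
        return by_id, "unique_id"        # stable identifier is the source of truth
    if by_email:
        return by_email, "email_legacy"  # fallback; breaks if the email changes
    return None, "no_match"              # caller would create a new account


def conflicts(accounts, email, unique_id) -> bool:
    """True when the guardrail would block this login attempt."""
    try:
        resolve_login(accounts, email, unique_id)
        return False
    except IdentityConflict:
        return True
```

With the sample records, a changed email still resolves to account 1 when `E1001` is supplied, while the same changed email without an identifier returns `no_match`, which is the duplicate-account case the legacy method risks.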

 
