Log in to Finalsite Enrollment: The connected SSO experience

Finalsite’s new login experience is built to boost security, simplify authentication, and create a seamless gateway across products. Whether you're logging in for the first time or switching between tools, this article will show you how it works!

Single sign-on is here!

A connected SSO experience is now rolling out to all Finalsite clients! Finalsite is currently transitioning all clients to a connected SSO experience. Because this is a regional rollout, the availability of MFA and certain login features depends on which experience your school is currently utilizing.

This major upgrade includes:

• enhanced security with multi-factor authentication
• support for Google and Microsoft identity providers (IdPs)
• a modern, consistent login experience across all Finalsite products

When enabled, you will automatically be logged out of your Finalsite products. Upon return, you'll see a newly designed login page.

Coming soon: Enhanced parent login experience

We are excited to announce that an updated Parent Portal login experience is launching in the coming weeks!

• What’s New: A refreshed pre-login screen where schools can add their logo and specific instructions.
• Login Options: Families will have three clear options: Email/Password, Google SSO, and Microsoft SSO.
• No Action Required: This update will be released to all families automatically. Your school does not need to perform any manual setup to enable these features.

Current Status: In the meantime, families will continue to see the standard login screen. For more details on the current process, please refer to our “Parent Portal: Parent Experience” article.

Wondering which login experience your school currently has? 

You can identify your current login experience by looking at your login screen.

Connected SSO experience Legacy login experience

If you see this login screen, you have been upgraded to the connect SSO experience: 

Finalsite’s new login experience is built to boost security, simplify authentication, and create a seamless gateway across products. Whether you're logging in for the first time or switching between tools, learn more about how to manage the features in this newer login experience in this article, "Log in to Finalsite Enrollment: The connected SSO experience." 

If you are a Finalsite client that has not yet been moved over to the universal, connected SSO screen, you may still see this legacy log in experience: 

To learn more about how to manage the legacy login features, check out the article, "Log in to Finalsite: The legacy login experience."

In this Article

• Wondering which login experience you have?
• FAQs before you start...
• Log in to your account
  • Navigate to the login screen
  • Log in using your email and password
  • Log in using Identity Provider (IDP)
• Troubleshoot login attempts
  • Forgot your password?
• Required: Multi-factor authentication (MFA)
  • Log in and enroll with MFA (first login)
    • Method of authentication: Email
    • Method of authentication: Authentication app
  • Use MFA on a daily basis (subsequent logins)
• Verify your account
• Switch between products seamlessly
• Manage your post-login experience

The benefits of this experience include:

• One sign-in for multiple tools
• Fewer credentials to manage
• Stronger authentication with supported Identity Providers (IDPs)
• Configurable security and timeout settings

During onboarding, your school will determine if admin users will sign in with email/password or IdP (Google or Microsoft). Once activated, your users will log in via their email and password or the school's selected IdP. The session is protected and monitored, with automatic timeouts after inactivity. 

FAQs before you start...

Already have an EMS admin portal account? 

• Skip to the Log in to your account section below.

Don’t have an EMS admin portal account? 

• Click the Create a new account button on the log in screen

  

• On the Register screen, enter your email and create a password. Your password must meet the following requirements:
  • Must be between 12 and 256 characters in length
  • Must contain both upper and lower case characters
  • Must contain at least one non-alphanumeric character
  • Must contain at least one number
• Set up multi-factor authentication (MFA) by selecting between Email and Authenticator app. See the Use multi-factor authentication (MFA) section below to learn more about these options.
• Verify your account. You will receive an email with a verification link which the user must click to verify their account within 24 hours.
• What’s next?
  • ✅ If a System Admin at the school has already authorized you as a user on the Admin Accounts page, you will be able to log in immediately after creating and verifying your account.
  • ❌ If your account has not been authorized yet, you will land on an error page. The school will need to authorize your account with the same email you used to create the account before you can log in.

Log in to your account

Here is a general overview of how users log in, regardless of which product they start with.

Navigate to the login screen

The format depends on your school's location:

United States and Global Clients (outside of Canada)

• Link Format: https://[Subdomain Here].fsenrollment.com/admin
• Example: https://myschool.fsenrollment.com/admin

Canadian Clients

• Link Format: https://[Subdomain Here].fsenrollment.ca/admin
• Example: https://mycanadianschool.fsenrollment.ca/admin

Users will be guided to log in with one of the following options:

• Email & password
• School’s selected IDP: Google or Microsoft

Log in using your email and password

• Enter email into the Username field and click Next
• Enter your password
• If email/username and password are valid, you will land on the dashboard. 
  • Max 3 login attempts allowed.

Log in using Identity Provider (IDP)

• Users will click the displayed Sign in with Google or Sign in with Microsoft button.
• This is based on which option your school has enabled.
• In the login window that appears, users will authenticate by entering credentials.

Troubleshoot login attempts

Users may need to manage failed login attempts or forgotten credentials. Here are a few specifics on this step: 

• Three failed attempts redirects user to the Forgot password page.
• Send reset link is sent to registered email.
• User clicks link to go to the Reset password page.
• After password reset, user is redirected back to the login page.

Forgot your password?

• After entering your email address, click Forgot password under the Password field.
• Enter your email address
• Follow the prompts in the email you received to reset your password.

Required: Multi-factor authentication (MFA)

Multi-factor authentication (MFA) provides an extra layer of security beyond just an email and password. This process ensures that only the authorized user can access the account, even if their password is compromised.

Here are the typical steps a user goes through when enrolling in and using MFA (often prompted during initial sign-in or via their Identity Provider):

Log in and enroll with MFA (first login)

This is a one-time process to link a second verification method to your account.

• Enter primary credentials (Email/password or IdP).
• A setup screen prompts you for the second security layer.
• Select your Method of authentication (Email or Authenticator app).

Method of authentication: Email

1. Enter an email address and click Send code. This code works only once and needs to be entered within 15 minutes.
2. Enter the one-time code from your email into the Verification code field. 
3. Click Enable.

Method of authentication: Authenticator app

1. Scan the QR code.
2. Obtain a one-time code from your authenticator app and enter into the Verification code field.
3. Click Enable.
4. The system saves your device as trusted, completing enrollment and granting access.

Use MFA on a daily basis (subsequent logins)

On your next log in attempt, you will be prompted to follow these steps to sign in:

1. Log in using email and password or IdP.
2. A verification screen immediately prompts for your MFA code.
3. Select your Method of authentication (Email or Authenticator app).
4. Input the time-sensitive One-Time Code (OTC) from your chosen method.

On the Authentication challenge screen, select the Trust this computer for 30 days checkbox. This will remove the MFA requirement for 30 days so you will not be prompted to complete this step on each login.

Verify your account

All users will be required to verify their account at the time of account creation. After creating the account and setting up MFA, the user will receive an email with a verification link.

• The email will ask you to click a link to verify your email address.
• You must verify your email within 24 hours in order to maintain access to your account.

Verification is a one-time requirement that is only completed at the time of creating the account.

Switch between products seamlessly

Once you are logged in, you can switch products and remain logged in. Your session stays active, so there's no need to re-enter credentials as you navigate between Finalsite products. 

Manage your post-login experience

Activity timer

• Upon successful login, a user session is created.
• User gains access to the platform and is seamlessly connected to other Finalsite products which have been configured with SSO.
• After 60 minutes of inactivity:
  • Session is terminated
  • User is redirected to the login page
  • Display message confirms termination of session with the ability to log in again

Suspicious Login Detected notification

Users may receive a "Security Alert: Suspicious Login Detected" email from Finalsite after a log in attempt. The notification will contain the following information:

• Device details (device name, device description, device type, and user agent)
• Event details (IP address, city, country, zip code, and latitude/longitude)

If you do not recognize the details in the email and you suspect it was not you who tried to log in, please change your password as soon as possible by following the directions in the Forgot you password? section above.