Security

Configure SSO and 2FA options for your organization.

At Fundraise Up, we prioritize the security of our users' accounts and supporters' information. Our Dashboard security settings are designed to enhance the protection of your account through advanced features such as Single sign-on (SSO) and Two-factor authentication (2FA). This document provides an overview of these features and instructions on how to implement them.

Single sign-on (SSO)

 
Single sign-on simplifies the login process by allowing users to access multiple platforms with a single set of credentials. This not only increases convenience and reduces password fatigue, but also improves security by centralizing account control. Fundraise Up supports SSO through SAML 2.0, ensuring secure data exchange between your Identity Provider (IdP) and our platform.

With SSO enabled, only users with an email address from a verified domain can log in through SSO.

To use SSO, an Organization Administrator must verify the credentials received from the IdP, add at least one domain, and verify its ownership in Fundraise Up.

To learn how to set up SSO in Fundraise Up, please read our SSO guide.

SSO session duration

 
Each SSO session lasts 12 hours, after which users are automatically logged out.

Verified domains are checked automatically every 7 days. If DNS settings are missing, the domain's verification status updates to Not Verified, and users logged in through SSO are logged out.

Two-factor authentication (2FA)

 
Two-factor authentication adds an extra layer of security to your Fundraise Up accounts. By requiring a second form of verification, 2FA ensures that your account and supporter information is protected from unauthorized access.

Fundraise Up supports 2FA via SMS and authenticator applications. When 2FA is enabled for a user, they must enter either a code sent to their mobile device via SMS or a code generated in an authenticator application of their choice in order to log in to their account.

Making 2FA required for all users

 
2FA can be enabled for individual users or required for all users by an Organization Administrator. To require 2FA for all users, an Organization Administrator must first enable 2FA for their own account. Once this step is complete, 2FA can be made mandatory from the Security page of the account settings. To do this, click the Make 2FA required button in the Two-factor authentication (2FA) section of the page.

When you make 2FA mandatory, all users who don't have 2FA set up will be automatically logged out of their Fundraise Up account. In order to log back in, they will need to set up 2FA using their preferred verification method.

Resetting 2FA

 
If necessary, you can reset 2FA for user accounts by selecting the Reset 2FA option in the three-dot menu next to each user listed on the Team page. If 2FA is optional in your organization, this will simply remove 2FA from that account. If 2FA is required for all users in your organization, the user whose 2FA is reset will be automatically logged out of their Fundraise Up account and will need to re-enable 2FA in order to log back in.

2FA and SSO

 
For accounts with SSO Required:

  • Regardless of your organization’s 2FA requirement status, the setting is marked as Not applicable under account settings. You cannot change it unless you switch to another SSO mode.
  • Changing the SSO mode from Required to Optional or Off reverts the 2FA status to its previous state.
  • With SSO Required, 2FA is not requested at login, even if 2FA Enabled is set in the user’s profile settings.

For accounts with SSO Optional:

  • 2FA is requested at login if 2FA Enabled is set in the user’s profile settings or 2FA Required is set for the account.
  • 2FA settings are at the discretion of users; any organization member can enable 2FA for themselves, and administrators can require 2FA for all account members.

 
