Slate Portals have several options for authentication, depending on the constituents using the portal.
Portals that are public facing and do not require login or any form of authentication will use the 'Anonymous/Guest' security setting. This form of authentication is the least secure, as no credentials are required, and should only be used for portals that will never display any kind of personal or sensitive data.
Person portals are less frequently used, as they can create a barrier to entry for prospects and inquiries, requiring them to create a username and password to access information in the portal.
A portal using 'Person' authentication requires that a pin be generated for person records using either Upload Dataset or Batch Management.
Upload Dataset
Institutions can import a list of records who should receive pins and set a Static Mapping value of 'Yes' for 'Generate PIN'.
| Destination | Value |
|---|---|
| Record - Generate Pin | Yes |
Query
Alternatively, institutions can run a query and select 'Generate PIN' as the Output for a Batch Management action.
Deliver
An institution can then create a custom Deliver email to send records their username and pin and instructions on logging into the portal. These records will create their own password upon first login.
Alternatively, you can send a personalized link rather than requiring login:
- ?key=(Person GUID) - to bypass the login page
- &person=(Person GUID) - to make sure any event registrations are associated with the correct person record
Important!
PINs expire 12 months after creation.
Portals that use 'Application' security, such as the Applicant Status Portal, typically use the same authentication that the applicant used when creating their account and starting their application. Applicants create an account, receive a username (their email address) and pin (a randomly generated number, populated on the person's account with an application is created in the active period) via a System Email, and then create their own password upon first login.
Imported Application
Institutions using an imported application, like the Common Application, will have a custom Deliver email that will send out the applicant's username and pin.
Upload Dataset and Query
Pins can also be generated via Upload Dataset and Batch Management after running a query.
| Destination | Value |
|---|---|
| Record - Generate Pin | Yes |
SSO Authentication
Additionally, other applications based portals, such as an admitted student portal, can be authenticated using an institution's SSO. For more information, please refer to this article on Using SSO for Applicants.
User security portals will only be accessible to Slate users and will leverage the institution's SSO for authentication.
Important!
Permissions in Slate are not observed within the Portal. For example, if in Slate, a user cannot access applicants but they have access to a custom portal where applicants are displayed, they will be able to view the applicants. Restrictions for portals will need to be built in using filters on the portal itself or within the portal queries.
Dataset portals can use either Slate authentication with a username and pin or an institution's SSO. Institutions may also choose to 'Enable access via secure link' without requiring login.
Secure Link
Enabling the 'Secure Link' setting allows dataset records to click on a personalized link containing their GUID to access the portal. No username and password are required. The link is constructed as follows:
https://apply.slateuniversity.edu/portal/key_of_portal?key=GUID_of_dataset_recordThis link can be emailed to dataset records.
For security purposes, if information displayed on the portal could be personally identifying or otherwise sensitive, we recommend against enabling the 'Secure Link' setting.
Slate Authentication
To use Slate authentication, dataset records will need to have a username set to their email address via a rule. Typically, this will be a Rule Formula in the Rules Editor. Refer to the following table for an overview of the rule settings.
| Action | Add Export | Formula |
|---|---|---|
| Replace Values from Formula |
Configure the Rule
|
|
Important!
When using Slate authentication for dataset portals, the username must be an email address to ensure delivery of reset password emails.
Once a username is set for a dataset row record, a pin will be automatically generated.
Username and pin can then be used in a custom Deliver email to notify dataset records with instructions for accessing the portal. Similar to applicants, dataset records will create their own password upon first login.
Using Slate authentication for dataset portal would look like this, with the 'Use SSO' setting set to 'Inactive'.
- Status - Active
- Key - alumni_view
- Name - Alumni Interviewing Portal (assignment by captains)
- Default View - Home Default
- Security - Dataset: Alumni Volunteers
- Secure Link - Disable via secure link and require login
- Use SSO - Inactive
SSO Authentication
Should an institution wish to use their SSO for dataset portals, the username for the dataset records must be set to their SSO username. SSO usernames can be imported via Upload Dataset.
| Source | Destination |
|---|---|
| Username in SIS | Record - Username |
With SSO, communications regarding portal login will not need to include a pin, as it will not be used in the authentication process.
Using SSO for a dataset portal would look like this, with the 'Use SSO' setting set to 'Active'.
- Status - Active
- Key - alumni_view
- Name - Alumni Interviewing Portal (assignment by captains)
- Default View - Home Default
- Security - Dataset: Alumni Volunteers
- Secure Link - Disable via secure link and require login
- Use SSO - Active