Portal Authentication Methods

Slate Portals have several options for authentication, depending on the constituents using the portal.

Anonymous / Guest

Portals that are public facing and do not require login or any form of authentication will use the 'Anonymous/Guest' security setting. This form of authentication is the least secure, as no credentials are required, and should only be used for portals that will never display any kind of personal or sensitive data.

Person

Person portals are less frequently used, as they can create a barrier to entry for prospects and inquiries, requiring them to create a username and password to access information in the portal.

A portal using 'Person' authentication requires that a pin be generated for person records using either Upload Dataset or Batch Management. 

Upload Dataset

Institutions can import a list of records who should receive pins and set a Static Mapping value of 'Yes' for 'Generate PIN'. 

Destination Value
Record - Generate Pin Yes

Query

Alternatively, institutions can run a query and select 'Generate PIN' as the Output for a Batch Management action. 

Deliver

An institution can then create a custom Deliver email to send records their username and pin and instructions on logging into the portal. These records will create their own password upon first login. 

Alternatively, you can send a personalized link rather than requiring login:

  • ?key=(Person GUID) - to bypass the login page
  • &person=(Person GUID) - to make sure any event registrations are associated with the correct person record

Important!

PINs expire 12 months after creation.

Application

Portals that use 'Application' security, such as the Applicant Status Portal, typically use the same authentication that the applicant used when creating their account and starting their application. Applicants create an account, receive a username (their email address) and pin (a randomly generated number, populated on the person's account with an application is created in the active period) via a System Email, and then create their own password upon first login.

Imported Application

Institutions using an imported application, like the Common Application, will have a custom Deliver email that will send out the applicant's username and pin.  

Upload Dataset and Query

Pins can also be generated via Upload Dataset and Batch Management after running a query. 

Destination Value
Record - Generate Pin Yes

SSO Authentication

Additionally, other applications based portals, such as an admitted student portal, can be authenticated using an institution's SSO. For more information, please refer to this article on Using SSO for Applicants.

User

User security portals will only be accessible to Slate users and will leverage the institution's SSO for authentication. 

Important!

Permissions in Slate are not observed within the Portal. For example, if in Slate, a user cannot access applicants but they have access to a custom portal where applicants are displayed, they will be able to view the applicants. Restrictions for portals will need to be built in using filters on the portal itself or within the portal queries.

Dataset

Dataset portals can use either Slate authentication with a username and pin or an institution's SSO. Institutions may also choose to 'Enable access via secure link' without requiring login. 

Secure Link

Enabling the 'Secure Link' setting allows dataset records to click on a personalized link containing their GUID to access the portal. No username and password are required. The link is constructed as follows:

https://apply.slateuniversity.edu/portal/key_of_portal?key=GUID_of_dataset_record

This link can be emailed to dataset records.

For security purposes, if information displayed on the portal could be personally identifying or otherwise sensitive, we recommend against enabling the 'Secure Link' setting. 

Slate Authentication

To use Slate authentication, dataset records will need to have a username set to their email address via a rule. Typically, this will be a Rule Formula in the Rules Editor. 

Action Add Export Formula
Replace Values from Formula email @email

Important!

When using Slate authentication for dataset portals, the username must be an email address to ensure delivery of reset password emails.

Once a username is set for a dataset row record, a pin will be automatically generated. 

Username and pin can then be used in a custom Deliver email to notify dataset records with instructions for accessing the portal. Similar to applicants, dataset records will create their own password upon first login. 

Using Slate authentication for dataset portal would look like this, with the 'Use SSO' setting set to 'Inactive'. 

  • Status - Active
  • Key - alumni_view
  • Name - Alumni Interviewing Portal (assignment by captains)
  • Default View - Home Default
  • Security - Dataset: Alumni Volunteers
  • Secure Link - Disable via secure link and require login
  • Use SSO - Inactive

SSO Authentication

Should an institution wish to use their SSO for dataset portals, the username for the dataset records must be set to their SSO username. SSO usernames can be imported via Upload Dataset. 

Source Destination
Username in SIS Record - Username

With SSO, communications regarding portal login will not need to include a pin, as it will not be used in the authentication process.

Using SSO for a dataset portal would look like this, with the 'Use SSO' setting set to 'Active'. 

  • Status - Active
  • Key - alumni_view
  • Name - Alumni Interviewing Portal (assignment by captains)
  • Default View - Home Default
  • Security - Dataset: Alumni Volunteers
  • Secure Link - Disable via secure link and require login
  • Use SSO - Active
Was this article helpful?
3 out of 3 found this helpful