The Bloomerang Giving Platform uses Single Sign-On (SSO) to simplify login so you and your team don’t need to authenticate separately in each product.
SSO reduces password fatigue and enhances security when properly managed. It also introduces shared responsibilities between Bloomerang and your organization. Bloomerang secures the Giving Platform and SSO integration. Your organization must safeguard the environment in which SSO is used.
Bloomerang is responsible for:
Securing the Bloomerang Giving Platform.
Ensuring SSO works as intended within our systems.
Your organization is responsible for:
Securing your environment.
Securing your devices.
Securing your user accounts.
SSO streamlines login and can strengthen security, but it is not a substitute for good security hygiene. Follow the best practices outlined in this article to minimize risk, protect sensitive donor data, and get the full benefit of the Bloomerang Giving Platform’s SSO functionality.
Understanding Shared Responsibility
Bloomerang’s responsibility:
Provide a secure connection between Bloomerang products.
Follow industry best practices for authentication protocols.
Ensure data within the Bloomerang Giving Platform remains secure once authenticated.
Your organization’s responsibility:
Enforce policies for account creation, deactivation, and access control.
Manage endpoint and user security (laptops, desktops, mobile devices).
Ensure secure data management outside of Bloomerang systems.
Common Security Risks with SSO
While SSO reduces the number of credentials staff must manage, it can also amplify risks if not handled properly. Examples include:
Shared devices: If employees use shared laptops without logging out, another person could gain access to sensitive data.
Shared accounts: If multiple staff share a single account, there is no accountability, and a compromised login could affect multiple users.
Unlocked sessions: Walking away from an active session without locking or logging out exposes your organization to unauthorized access.
Weak endpoint controls: Even if SSO is secure, an infected or unsecured laptop can give attackers an entry point.
Best Practices for SSO Security
1. Device & Session Security
Always log out of the Bloomerang Giving Platform when finished working.
Do not log in to Bloomerang products on a shared or public device.
Require employees to lock devices (Windows: Win+L, Mac: Control+Command+Q) when stepping away.
Enable automatic lockouts on organizational laptops.
2. Account Management
Avoid shared accounts. Each user should have a unique login tied to their identity.
Immediately deactivate accounts when employees leave your organization.
Regularly audit user access and remove inactive accounts.
Users should have unique passwords and not re-use passwords from other systems.
3. Strong Authentication Policies
Require Multi-Factor Authentication (MFA) for all users and accounts. MFA is supported on all Bloomerang products.
Bloomerang Volunteer
Monitor and alert on suspicious login activity.
4. Endpoint Protection
Use endpoint security solutions (anti-virus, device encryption, patch management).
Restrict access from unmanaged or non-compliant devices when possible.
Require VPN or secure network access for remote employees.
5. Staff Training & Awareness
Train employees on the importance of logging out and not sharing accounts.
Educate users on the risks of phishing links, which can lead to account compromise.
Communicate clearly that SSO convenience does not reduce personal responsibility for secure usage.
Establish clear policies for BYOD (Bring Your Own Device) scenarios.
