Applicants can access their applications and status pages via:

• Slate authentication (default): Using an email address and password

• Institutional Single Sign-on: Using credentials created in the institution's single sign-on system

Slate authentication

This is the default authentication method for applicants in Slate.

For an applicant to authenticate, they must:

1. Go to your institution’s authentication URL: https://apply.slateuniversity.edu/apply

2. Here, they provide their:

   • First name

   • Last name

   • Email address

   • Birthdate (optional)

3. Slate sends an Account Creation system email, which includes a 9-digit PIN and a link to your institution’s account creation page. You can customize this email’s content.

4. When the applicant follows the link, they are prompted to enter the PIN and birthdate (if provided) for verification to create a password, which is stored as a salted hash.

5. In the Slate-hosted application, the applicant enters their email address and password.

If the applicant selects Forgot Your Password?, Slate sends a system email that includes instructions to reset their password. This system email is sent automatically and can also be customized.

Institutional Single Sign-On authentication

You can create accounts with single sign-on system to credential access to the Slate-hosted application.

Slate can authenticate against one single sign-on system for both administrative users and applicants.

🔔 Important!

If your institution plans to require VPN access for administrative users, doing so may prevent external login via SSO.

To import a user name from your single sign-on system and direct applicants to the appropriate URL for authentication:

1. Add the SSO usernames for applicants to Slate.

2. Create a custom source format to import the username from the single sign-on. The following data points are required:

   • Unique ID (to match against the appropriate record in Slate)

   • Username

3. Map the unique ID appropriately and the username to Record → Slate User Login Override.

   

After importing the usernames, direct the applicants to a link to a page that instructs Slate to hand off authentication to your single sign-on system:

• Slate URL: https://apply.slateuniversity.edu/manage

• Single Sign-on URL: https://apply.slateuniversity.edu/manage/login?realm=&r=/apply/

Providing user access

Using existing Slate credentials will provide the user access, but this can also create an inconsistent user experience.

There are three ways of handling this:

Friendly URL

Create a "friendly" URL that redirects to the special login page.

For example:

• https://apply.slateuniversity.edu/enrolled could be redirected on the Slate side to

• https://apply.slateuniversity.edu/manage/login?realm=&r=/portal/enrolled, which mitigates some of the concern because it's an easier URL to publish.

Then again, if the user bookmarks the actual portal, they would be sent to the standard login page upon return to the portal directly.

Slate Credentials

The link above includes a query string parameter of r that directs Slate where to send the applicant after authentication.

This can be updated to send the applicant elsewhere, if necessary. For example, if your institution imports applications, you may change the parameter to /apply/status/ to send the applicant directly to the status page rather than the application:

• Status Page URL: https://apply.slateuniversity.edu/manage/login?realm=&r=/apply/status/

SSO

Keep using Slate credentials until the applicant arrives on campus, which is a clean place and time to begin using new credentials for campus resources and stop accessing Slate.

Use SSO from the beginning of the process. All logins then go through the SSO, which can clutter it with records that don't need long-term access, but doing so would keep consistent credentials throughout the student life cycle.

This option usually requires agreement from the organization's SSO administrators.

Unsetting SSO usernames

To unset SSO username values:

1. Query for records that you want to unset the SSO Username for. This query should have a:

   • Person-scoped unique identifier, like the person record's GUID

   • Literal export that has a name, like "Clear SSO", but no value/Literal. This is the column you'll use to unset the SSO Username.

2. Export the results to your desktop.

3. Import the file with Upload Dataset. The import must:

   • Be set to Unsafe

   • Match on existing records

4. Map the column with empty values from step 1 to Record → Slate User Login Override

5. Select Null Handling.

   

6. Import the file.

7. Confirm the import made the desired changes.