Account Creation

An account is what a constituent logs in to in order to update their contact information, adjust their directory listing, or (optionally) certify their identity when purchasing a membership or registering for an event.

These constituent accounts are entirely separate from accounts used to administer AlumnIQ.

SSO (campus provided)

If your institution completely controls authentication for all constituents, then the login process will take the constituent to your institutional signin page before redirecting back to AlumnIQ for automatic provisioning of a matched account. We'll work with your IDM folks to determine which properties of the login response will serve to link that user with a warehouse record. In most cases this is an XID, but for a few we've had to request (and receive) a separate netid to link the two.

AlumnIQ supports Shibboleth (SAML2), OAuth, and OIDC for third party authentication.

Note that any users using SSO will not have to go through any public-facing account creation or provisioning process; this is a seamless experience for them.

"Local" (AlumnIQ-provisioned)

If your institution has opted to let AlumnIQ control authentication for all constituents, then the login process will take place entirely within AlumnIQ.

Creating an account

Accounts are (almost) exclusively created by constituents. There are three ways for them to do so:

1. Go to /signup and fill out the form, after which they'll receive an email with a magic link to set a password.

2. Register for an event and at the end check the box to have an account created automatically; they'll receive an email with a magic link to set a password after registration.

3. A magic link is sent from the AlumnIQ mail module, containing a different type of magic link to automatch the constituent to the profile.

An account can be created in matched or unmatched state. A matched account is one that has your institutional identifier (xid) attached, thus linking the account with warehouse data on the constituent. Only those with matched accounts can update their profiles and, if permitted, make use of the directory.

Hybrid Environments

Yes, we do support hybrid environments: current campus "residents" using SSO and all alumni/friends using AlumnIQ local auth is a not uncommon model.

Autoprovisioning via AlumnIQ Mail Module

For schools who use our mail module there's a fun autoprovisioning feature built in to make the process of account creation very easy for most.

1. Create a list of people you want to invite to create a profile. Make sure that list is criteria-driven or is uploaded with xid values.

2. Create a mail message pointing to that list.

3. In the body of the message, create a button, link, or both pointing to https://{whatever your host domain name is}/signup

When the recipient clicks on that button or link we'll use the recipient identification string (the ?mc=STUFF parameter in the URL) to resolve their constituent ID and autoprovision an account.

If the recipient already has a profile we'll redirect them to the login screen. If the recipient's warehouse data is missing, duplicated, or lacking a preferred email address (impossible given that you just emailed them!) we'll redirect them to the standard signup form.

But if all goes well, all we need from them is to set a password. Their profile will already be linked to their XID and thus all access to update address information, privacy preferences, and directory (if applicable) will be instantly applicable.

Easy!

Semiauto Provisioning

For those who go to /signup out of the blue and fill out the profile creation form and are unique in one very specific way we can automatch them.

If an individual who is the ONLY constituent in your warehouse with that email address, upon confirming they have control over it their profile will be automatched to an XID. For most people this is a fast and easy proxy for proof of identity.

Manual Provisioning

This is where the rest of the folks finding their way to /signup will land.

In admin under Profiles > Unmatched you'll find their submitted profile data. For each person attempt to find a matching constituent record. Following match their ability to view/update contact information and access the directory (if applicable) will be enabled. Profile-holders without an XID can't do much at all - by design. All profile updates are based on warehouse data which is only accessible with an XID, and all updates we feed back to you will bear the same.

Please keep an eye on your unmatched profiles and seek to keep them clean.