Single Sign-On (SSO): The Consumer SSO experience
A documented approach to the consumer experience during different workflows of Consumer SSO
Introduction
A seamless consumer journey is at the heart of everything we design in Gladstone Go Consumer. When introducing Single Sign-On (SSO), our priorities were clear:
- Enhance the consumer experience – allowing faculty and students to use their familiar university credentials.
- Maintain data integrity – preventing duplicate records across systems.
- Support IT compliance – reducing the risks of password misuse or mismanagement.
For universities, these benefits are especially critical. In this guide, we’ll walk through the consumer SSO experience and explain why we strongly recommend deep links.
Go Consumer Journey - New Joiner
The joining process is where careful design matters most. You must balance two groups:
- Students and faculty – who should always be directed to their University login.
- Public consumers – who continue to use the standard online joining journey.
If both groups are sent through the same consumer journey, the risk of confusion and duplicate accounts increases significantly. Historically, we've attempted to mitigate this risk by making the login option the first step of the Go Join journey (as shown below). We have now adapted our deep link functionality to take SSO into account, preventing the confusion caused by a shared consumer journey.
The Best Practice – Using Deep Links
The recommended solution is to use deep links on your website. These links send consumers directly to the correct pathway for their profile type. Our Gladstone Deep Link knowledge base article will walk you through the process.
Why deep links are recommended:
- Auto-provisioning made simple – Gladstone automatically creates accounts for Microsoft Entra users on first login. There’s no need to pre-load your student or faculty data if they are directed to the login page prior to Go Join.
- Eliminates confusion – faculty and students are guided straight to their SSO login, while public members follow the usual joining route.
- Mandatory login where required – deep links enforce compulsory sign-in. For example, linking directly to a “Faculty” or “Staff” membership type requires the consumer to authenticate before they reach Go Join.
Activating SSO deep links couldn't be easier. Follow the knowledge base article mentioned above and, after you've selected the Generate Link option, simply choose "SSO login required".
The following demonstrates how your webpage can cater for public/community consumers at the same time as students and faculty.
Without Deep Links – The Risks
Go Join will still perform duplicate checks if no deep links are used. For example:
- If a student enters their University email during sign-up, the system will flag a duplicate and push them to log in through SSO instead.
However, without deep links:
- Students can bypass SSO by entering a personal email, creating duplicate accounts and undermining data integrity.
- Compliance risk grows, as accounts may exist outside the University’s secure environment.
- The consumer experience suffers, with more friction, confusion, and potential failed logins.
Based on these risks, we strongly recommend deep links from your website. Otherwise you may lose the full benefits of SSO.
SSO and MobilePro
Gladstone SSO is currently not available in other third-party applications. Consequently, customers using MobilePro will still be required to use the standard username and password for authentication. To support a seamless approach between third-party applications, we have made improvements to the initial consumer sign-up process for the MobilePro app.
When students or faculty access Gladstone Go for the first time through SSO and do not have a member record, an email will now be sent to them introducing your MobilePro app. This email is completely configurable, but its purpose is to drive the creation of a login against the member's existing university credentials.
If the student or faculty member already has a member record, because they already exist on Gladstone or have been provided through some sort of API import, any student requiring a new password to access MobilePro should go through the reset password flow.
For more information about the emails for auto-provisioned students and faculty, please see the knowledge base article.