Warning: Enabling a role for BBID cannot be undone and any user with at least one role enabled for BBID will be required to authenticate via BBID at their next login. We recommend you only turn on a role applied to many users after you have confirmed the BBID authentication will work for users at your school. 
Tip: You can clone a role, like the Friend role, enable it for BBID and add a few users to the cloned role to test.

To enable a role for Blackbaud ID:

1. Core > Security > Authentication Settings > Blackbaud Authentication
2. Select the ellipses next to the role you want to enable
3. Select Edit Role
4. Mark the Enabled checkbox and enter the domain for users
Note: You may specify an email domain to restrict the email address users can use to register their account with Blackbaud ID.  The primary purpose is to make sure users are using a school-issued email that matches your claimed domain with your identify provider as they go through the BBID transition.  Using an email from the claimed domain that is setup with Blackbaud ID SSO, the user will not create separate credentials, but will authenticate with your identity provider.  Even if you don't have BBID configured to SSO to your IdP, adding an email domain still gives you some control that their access to the ON products will only be through their school issued email address.  This allows you to set up the SSO and switch their authentication to be through your IdP at a later time.  If your users in this role have no school-issued email, just leave this field blank.
5. Once you've enabled BBID for a role with a specified domain, you can bulk assign BBID usernames for the included users