GiveSignup | RunSignup continues to invest heavily in key platform features, like financials and payments, free email marketing, free websites, and more. At the same time, many of our nonprofit customers that initially used us just for their run/walk/ride registration are using GiveSignup for ticket events and GivingTuesday campaigns. Ensuring that our customers can seamlessly move between GiveSignup.org, RunSignup.com, and our other sites saves time so that you don’t have to log in separately to each site. It also emphasizes that our technology is one login for one platform with two purpose-built solutions for nonprofits and endurance events.
Technology Behind the Scenes
Technically, our solution is a single robust platform that we use to deliver value across endurance events and nonprofit activities. This has a huge benefit for customers that need to manage programs, fundraising, financial reporting — ultimately engaging their supporters across all of the activities they are promoting. Your user account on RunSignup.com has always been the same one on GiveSignup.org, and you would use the same username and password to access both sites. The login process is protecting your valuable data based on the access you have been granted by your organization. This is a good opportunity for us to highlight our Multi-Factor Authentication option that you can enable for your account to further safeguard your data. Our recent SSO enhancement provides all of this to you more seamlessly and allows you to bounce between GiveSignup and RunSignup as you need to without being interrupted with a login request.
Aside from protecting your data, we also use the account login process to manage what is referred to in web applications as your session. Your session is a place in our server’s memory where we keep handy information about your recent interaction with our site. Since an internet application is a request/response type of system between the web browser on your computer and our servers, we need to keep track of what you were doing since the last request you made, so we can correctly process the next request. Think of it as keeping track of the context of a conversation. For example, let’s say you were completing the Race Setup Wizard for a new race, and in the middle of that process, you were interrupted by a phone call, or your internet connection went down. Since we kept track of where you were in our session memory, we can simply pick up where you left off when you return (during a preset amount of time).
Session strategies like this are a common software pattern implemented for most of the websites you use in everyday life. However, the session is typically associated with a single website URL, such as RunSignup.com. That is why you were forced to repeat login if you were trying to switch gears from reviewing the Race Dashboard on RunSignup.com to setting up a new Ticket Event on GiveSignup.com. Our engineers have come up with a clever solution where we are now managing your session across all of our sites on dedicated session server(s). Voilà! Single Sign On!
Security and PCI
Anything that involves access to data, login, or the protection of our solution assets from bad actors on the internet gets the highest scrutiny by our development team and security experts. We adhere to the highest security standards set by the Payment Card Industry Data Security Standard. Each year, we spend hundreds of thousands of dollars and engineering time securing our solution and testing those systems during quarterly and annual PCI Audits. In order to comply to those standards we are required to impose time based restrictions to the login process:
- Your session will be logged out unless you were active on one of the sites in a 24-hour period.
- After 30 days regardless of activity, you will be requested to log in again.
Also note that if you were already signed in when we released the SSO capability, you will need to log out once and log back in for the new SSO feature to take effect.