Skip to main content

Clavis Single Sign-On

Clavis is the Compass SSO [single sign-on] authentication service.

Clavis allows you to use a single set of credentials to log into many of our services, including the following:

Clavis login is tied to a browser session. Once you have logged into Clavis, you can conveniently log into other Compass services with a single click.

Because of this "ease of access", added security will be required to log into Clavis. This will include the use of 2FA (2-Factor Authentication) -- password and a key. For this key you can use a hardware key (eg. Yubikey), Fingerprint, or Face ID depending on what your particular device supports.

Clearing your browser cache will require you to log into the Clavis server again.

How to Register

Contact Compass Foundation to request access to Clavis SSO.

First time setup

After registration is complete:

  1. Click the 'Login in with Clavis" button from one of our services login page or go to

  2. Your username will be the email address we have associated with your Clavis credentials, which will typically be the primary address associated with your Compass account.

  3. You will need to set up a password by clicking the "Forgot password" button, which will send you an email with a link to set your password.

  4. Open this link and enter your new password. Remember to use strong passwords!

  5. Log in with this newly created password and set up your 2FA credentials.

  6. Navigate to your Person record under Accounts on the left side menu. Select the Credentials tab in the middle of the main window.

  7. Add a Credential using the button in the upper left of the lower section of the main window.

  8. Click Register Hardware Key or Device

    Important Note: We recommend setting up at least two keys, to prevent account lockout in the event of key loss/theft. Your device may have various options for a key:

    • Hardware security key (eg. Yubikey)
    • Face ID
    • Fingerprint
  9. Setup complete! Now when you use the Clavis login on a new browser (or if the browser cache has been cleared), the sign-in process will first request your username and password, and then prompt you to confirm your identity with one of the key options you've set up.