Clavis Single Sign-On

Clavis is the Compass SSO [single sign-on] authentication service.

Clavis allows you to use a single set of credentials to log into many of our services, including the following:

Contact Compass Foundation to request access to Clavis SSO.

Clavis login is tied to a browser session. Once you have logged into Clavis, you can conveniently log into other Compass services with a single click. Because of this "ease of access", added security will be required to log into Clavis. This will include the use of 2FA, requiring a password and a key. For this key you can use a Yubikey, Fingerprint, or Face ID depending on what your particular device supports.

Clearing your browser cache will require you to log into the Clavis server again.

First time setup

Click the 'Login in with Clavis" button from one of our services login page or go to clavis.compassfoundation.io.
Your username will be the email address we have on record in our system for the Clavis user attempting to login.
You will need to set up a password by clicking the "Forgot password" button, which will send you an email with a link to set your password.
Open this link and enter your new password. Remember to use strong passwords!
Log in with this newly created password and set up your 2FA credentials.
Navigate to your Person record under Accounts on the left side menu. Select the Credentials tab in the middle of the main window.
Add a Credential using the button in the upper left of the lower section of the main window.
Click Register Hardware Key or Device. Note: We recommend setting up at least two keys, to prevent locking yourself out accidentally. Your device may have various options for a key:
- Yubikey
- Face ID
- Fingerprint
Setup complete! Now when you use the Clavis login on a new browser or if the browser cache has been deleted and you are asked to log into Clavis, you will first enter you username and password and then you will be prompted to confirm with one of the credentials you have set up.