Token authentication allows users to be authenticated by a one-time token that is sent through email. You can set up token authentication to be secured by a password or by a SAML Service Provider adapter to use this token as a method of mutlifactor authentication.

Configure the UAS Settings

  1. Navigate to the UAS Settings screen.
  2. Select Add Authentication Adapter.
Add authentication adapter
AliasThis is a unique name for the adapter and is used in URLs. The alias will be stored as all lowercase letters and should not contain any special URL characters.
EnabledThis toggle determines whether the adapter is available for use.
TypeTOKEN
Use Outbound AdapterSelect the authentication adapter which will be used for outbound authentication to the external service. (If one is not selected, the default outbound adapter will be used.)
Debug EnabledThis toggle determines whether debug statements are written to the logs for troubleshooting purposes.
CSS URLInput the URL for any CSS you would like to use to style the login page.
Logo URLInput the URL for any logo you would like to appear on the login page.
Username Prompt TextInput the text that you want to appear where users should enter their username. By default, this will say "Username."
Submit Button TextInput the text that you want to appear on the button users will use to submit their usernames. By default, this will say "Submit."
Help TextInput any text you want to appear on the page below the login details. This can be help text, general information, or any other text you want. This text is optional. There is a limit of 1000 characters.
Learn URLThis field should autopopulate with the URL of your Blackboard Learn system.
Allowed Institution RolesChoose the roles that are allowed to use this authentication method from the dropdown list. You can choose multiple roles. If this field is left blank, all roles will be able to authenticate with this method.
From AddressThis is the address the token emails will appear to be coming from. If you would like to customize this address, please submit a ticket.
SubjectEnter a subject line for the token email.
Email Template

Compose a template for the body of the token email that will be sent to users. The following tokens can be used in the email:

  • ${token}
  • ${username}
  • ${email}
  • ${givenName}
  • ${familyName}
  • ${requestId}

Make sure you include ${token} so the user will receive the token that allows them to log in.

Token DurationInput the number of minutes that the token is good for before it expires and a new one must be generated.
Security: None (used when you want to use token authentication alone)
 No other parameters must be selected.
Security: Password (used when you want to add token authentication to authentication with a password)
Max Login Attempts AllowedInput the maximum number of login attempts that a user is allowed over the specified time period. Leave blank or enter 0 for no restrictions.
Failed Login TimeoutInput the number of minutes that login attempts are tracked; the default is five.
Encryption CodeInput the code used to encrypt the password value in transit. This code should be provided by your implementation consultant; if you do not have it, please submit a ticket.
Email Property 1Enter the email property that will be used to select the email address that the token is sent to. (Email properties are taken from the Learn ReST users API.) If this field is left blank, it will default to contact.email.
Email Property 2If a second email property is entered here, users will be able to choose which of the two email addresses they want the token sent to be sent to. This field can be left blank; there is no default value.
Security: Service Provider (used when you want to add token authentication to an inbound SAML service provider already configured in UAS)
ServiceChoose the configured inbound SAML service provider you want to use.
Generate MetadataClick to create a file that will be used to add multifactor authentication to an existing Identity Provider authentication.
Email Property 1Enter the email property that will be used to select the email address that the token is sent to. (Email properties are taken from the Learn ReST users API.) If this field is left blank, it will default to contact.email.
Email Property 2If a second email property is entered here, users will be able to choose which of the two email addresses they want the token sent to be sent to. This field can be left blank; there is no default value.
  1. Select Save to save your configuration.

The URL for the configured adapter is https://{region}.extensions.blackboard.com/api/v2/authadapters/sites/{siteId}/auth/{alias}.