The Blackboard Learn authentication framework enables users providing ID and password credentials to validate and initiate a session in Blackboard Learn. The framework also enables integrating Blackboard Learn with one or more external authentication providers.
The Blackboard Learn authentication framework is provided using Building Block technology with full user interface installation, management, and logging. This use of Building Blocks to provide authentication integration removes barriers and issues with system management related to custom authentication.
Blackboard Learn SaaS includes four providers by default.
- Learn Internal: This is the default authentication provider. You can make it Inactive, but you cannot delete it.
- CAS: This represents an external Central Authentication Service (CAS) provider.
- LDAP: This represents an external Lightweight Directory Access Protocol (LDAP) provider.
- SAML: This represents an external Security Assertion Markup Language (SAML) provider.
In the authentication framework, you can map authentication providers to one or more hostnames. The following table provides an example of mapping hosting names.
|Log a User With
|LDAP education provider
|CAS medicine provider
|Learn Internal provider
You arrange the providers in order of preference enabling an authentication cascade where each provider is sequentially queried until a user is logged in or fails to be authenticated. Users are only passed through to the next provider in the chain when two conditions exist:
- The provider does not know the username, for example, known usernames with bad passwords do not fall through.
- A provider error occurs and error fall-through is enabled.
You want to set provider order to use for failover if one of the providers' sources is broken. For example, if you have three LDAP servers, the authentication framework checks the first server, and if that fails, checks each server until authentication is achieved.
To reorder the providers, use the drag-and-drop function available on the Provider Order page. Press and drag the providers into descending order, from top to bottom.
Note: Providers are skipped if they do not match the set of rules that the authentication framework is checking. For example, if a user is logging in using the externals.blackboard.com hostname and the first two providers listed are mapped to education.blackboard.com and medicine.blackboard.com, the first two providers are skipped.