You can implement your plan after:
- Planning your authentication framework.
- Identifying your authentication providers.
- Identifying the order of your authentication providers.
- Identifying the host names your authentication providers are mapped to.
The Authentication page is located on the Administrator Panel in the Building Blocks section. On this page, you can manage your providers. You can create, view, and edit providers, and you can set provider states of Active or Inactive. You can also access the provider order and view the Authentication Logs pages.
Note: If you are locked out of the user interface due to a bad configuration of the new authentication framework, use the AuthenticationOneTimeLogin backend script.
Common authentication provider settings
All authentication providers have a group of common settings that you can customize.
- Name (Required): Set a provider name that easily distinguishes one provider from another.
- Description (Optional): Provide a description that easily distinguishes one provider from another, in particular when creating providers of the same type or when providers will be mapped to specific host names.
- Authentication Provider Availability (Active/Inactive): When creating a new provider, keep the provider as Inactive until configuration and testing is completed.
- User Lookup Method (Username/Batch Uid): Use to select the logon name field mapping. If your provider's logon name does not map to the Learn username, you can propagate the logon name to the Batch_Uid field using the Data Integration framework.
- Restrict by host name: Use this option to map a provider to one or more host names. Select either Use this provider for any host names or Restrict this provider only to the specified host name.
- Restricted Host Names: Type one or more host names in the text box, with one host name per line.
Default authentication provider
The Learn Internal provider is the default Authentication Provider, which authenticates a user's login credentials against the Blackboard Learn database.
You can map this provider to one or more host names and edit it to make it Active or Inactive, but you can't delete it. If all other providers are set to Inactive, this provider is made Active automatically.
Default authentication doesn't support password complexity or reuse constraints and provides no mechanism to limit failed login attempts. We recommend that clients with more complex requirements use external authentication such as LDAP, CAS or SAML.
Creating authentication providers
You can create authentication providers with the authentication provider types currently included with Learn: CAS, LDAP, and SAML. You can also create and add Custom Provider types to the authentication framework.
Use the following steps to create a provider.
- Point to Create Provider and select the provider type.
- Type a Name and Description for the provider.
Choose a naming convention or description that easily distinguishes one provider from another, in particular when creating providers of the same type or when providers are mapped to specific host names. These names are only for administrators and are not seen by end users.
- Optionally, set the:
  - Authentication Provider Availability as Active. Inactive is selected by default.
    Keep the provider as Inactive until configuration and testing is completed.
  - User Lookup Method as Batch Uid. Username is selected by default.
    If your provider's logon name does not map to the Learn username, you can propagate the logon name to the Batch_Uid field using the Data Integration framework or Snapshot.
  - Restrict by host name as Restrict this provider only to the specified host name. Select this option to map this provider to a host name. Type one or more host names in the Restricted Host Names text box, with one host name per line. Use this provider for any host names is selected by default.
    Adding commas to separate multiple host names results in an error.
- If you are creating a CAS or SAML provider type, in the Provider Settings section, type the Link Text and optionally, browse for an icon.
Note: When multiple providers are Active, this icon and link text appear in the Sign In Using section of the login page. To learn more, see CAS Authentication Provider Type or SAML Authentication Provider Type.
- Select Save and Configure to move to the configuration page for the specific provider type you are creating.
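The following is an added example, not part of the Blackboard documentation: a pre-flight check for text you intend to paste into the Restricted Host Names box in the steps above. Only the one-host-name-per-line and no-comma rules come from this page; the URL, port, RFC 1123 syntax and duplicate checks are assumptions of this example rather than Learn's own validation, and the host names are constructed.

```python
import re

# RFC 1123 label: 1-63 letters, digits or hyphens, no leading/trailing hyphen
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def check_host(entry):
    """Return a problem description for one line, or None if it looks valid."""
    if "," in entry:
        return "contains a comma; put each host name on its own line"
    if "/" in entry:
        return "looks like a URL; enter the bare host name"
    if ":" in entry:
        return "contains a port or IPv6 literal; enter the bare host name"
    host = entry.rstrip(".")  # tolerate a fully qualified trailing dot
    if not host or len(host) > 253:
        return "empty or longer than 253 characters"
    bad = [label for label in host.split(".") if not _LABEL.fullmatch(label)]
    if bad:
        return "invalid label(s): " + ", ".join(repr(label) for label in bad)
    return None

def validate_restricted_hosts(text):
    """Split the text-box content into lines; return (hosts, problems)."""
    hosts, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines are skipped
        problem = check_host(entry)
        if problem is None:
            host = entry.rstrip(".").lower()  # DNS names are case-insensitive
            if host in seen:
                problem = "duplicate of an earlier line"
            else:
                seen.add(host)
                hosts.append(host)
        if problem:
            problems.append((lineno, entry, problem))
    return hosts, problems

# Constructed sample input, not taken from a real deployment
SAMPLE = "learn.example.edu\nsso.example.edu, cas.example.edu\nhttps://learn.example.edu/\nLEARN.example.edu\n-bad.example.edu\n"

if __name__ == "__main__":
    ok, bad = validate_restricted_hosts(SAMPLE)
    print("accepted:", ok)
    for lineno, entry, problem in bad:
        print(f"line {lineno}: {entry!r}: {problem}")
```

Running the check while the provider is still Inactive fits the guidance above to finish configuration and testing before activation.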