System Administrators should consider secure application configuration practices in order to further harden your Blackboard Learn solution.
The links in this section go to articles in the Self-Hosted Deployment Option folder. The information applies to the Blackboard Learn with the SaaS Deployment. When you finish reading the articles, use your browser's back function to return here.
- Ensure the default "administrator" account password is complex and rotated regularly per your organization's Access Management policies.
- Change the default "root_admin" account password. Ensure it is complex and rotated regularly per your organization's Access Management policies. See Managing User Accounts.
- Change the default "Integration" account password. Ensure it is complex and rotated regularly per your organization's Access Management policies. See Edit the Integration Password.
- Review default privileges assigned to each System Role and Course Role.
- Review if Anonymous (Guest) Access is appropriate at all four levels:
- System Admin > Security > Gateway Options
- System Admin > Course Settings > Course Tools
- System Admin > Course Settings > Default Course Settings
- System Admin > Organization Settings > Default Organization Settings
- Fully use third party authentication systems such as LDAP and Active Directory. See LDAP Authentication with TLS. This provides the ability to enforce password complexity policies, obtain login failure throttling, etc.
- As a practice, do not use shared accounts. Power users should use their own accounts to help ensure accountability for changes to the system.
- Monitor usage of default system accounts by reviewing the security logs. See Audit and Accountability.
- Go to System Admin > Content Management > Technical Settings > Authentication Settings
- Enable Grade History.
- Do not allow Instructors/Assistants to change auditing status.
- Do not allow Instructors/Assistants to clear grade history.
- Enable AND Create new session when fingerprint changes. See Session Fingerprinting.
Bb Mobile users should not enable this setting.
- Not a default setting because it requires certificates
- See Alternate Domain for Serving Content.
- This is similar to privileges review. By default, Administrators and Instructors receive the privilege to use unrestricted HTML. If only a limited set of users need the ability to perform dynamic scripting, consider creating a custom role, placing users into that role, and granting just that role this particular privilege. This follows the security principle of Least Privilege.