Session management in Blackboard Learn

When a user logs into Blackboard Learn, a session is created. This session is what allows the user to continue to access the application uninterrupted. As long as the session is active, the user can continue to use the system without logging in again.

This session will continue to be active as long as the user continues to interact with the application. The user's session will be timed out if they don't click within Blackboard Learn and are inactive for a certain timeframe. When the user attempts to access the Blackboard Learn system again, they will be prompted to log in.

Special considerations for custom single sign-on (SSO) authentication providers

If you use custom single sign-on (SSO) authentication providers such as CAS or SAML for your Blackboard Learn environment, two separate sessions are created and used when a user logs in with that provider: one for the SSO session and one for the Blackboard Learn session. These sessions are independent and may have different expiration timeframes. The SSO session is commonly configured to have a longer lifetime than the Blackboard Learn session, but this could vary depending on the installation.

You can configure a Blackboard Learn logout to trigger a SSO session logout. This is known as a single logout. Without this configuration, when a user logs out of Blackboard Learn, that action will only stop the Blackboard session. The SSO session remains active, so the user's web browser may still have access to other SSO applications or even Blackboard Learn again. If single logout is configured, both sessions will be destroyed at the time of logout and the user will need to log in again to access any SSO application.

Most SSO solutions are configured to destroy the session token and effectively stop the user's session when the browser is closed. To protect user security, we recommend that you advise your users to close their browsers when using any SSO solution, regardless of whether you use one with Blackboard Learn.