You can configure multiple authentication providers in Blackboard Learn to satisfy institution policies or best practices. To understand how multiple providers interact with each other, you'll first need to understand the difference between internal and external authentications providers.

Internal vs. external authentication providers

Internal authentication providers: When an internal auth provider is configured, users are presented with the Blackboard Learn login page to submit their credentials. Blackboard Learn then validates those credentials against the user information stored in its own database. If using LDAP, Blackboard Learn connects to the LDAP server to verify credentials.

Examples of internal providers include LDAP and the Default authentication provider (Blackboard Learn internal RDBMS password store).

External authentication providers: When an external authentication provider is configured, users are redirected to an external login page to submit their credentials. If login is successful, the external page passes the user back to Blackboard Learn with a ticket that verifies the user successfully logged in. Blackboard Learn never receives the user's password when logging in through an external provider.

Examples of external providers include SAML/Shibboleth and CAS.

What login page do users see?

If one or more internal authentication providers are available, Blackboard Learn always shows the Blackboard Learn login page by default.

If one or more external providers are available as well internal ones, the Blackboard Learn login page appears by default with the external providers listed in the Third Party Account drop down menu below the internal provider login box on the page.

If an external authentication provider is the only authentication provider available, Blackboard Learn won't display the login page. Instead, users are immediately redirected to the external provider's login page.

If more than one external provider is available but no internal providers are available, Blackboard Learn displays the login page but without the normal login form fields. Only the Third Party Account drop down menu appears, so the user needs to select an external provider to log in.

Hostname restrictions

Both internal and external authentication providers support hostname restrictions on the settings page in Blackboard Learn. You can enable specific authentication providers on specific hostnames and URLs.

Hostname restrictions are useful if you have multiple hostnames and want users to authenticate through different providers for each one.

More on authentication provider settings

Using multiple internal providers

If you have multiple internal authentication providers such as LDAP configured in Blackboard Learn, you'll need to understand how Blackboard Learn handles internal provider fallback.

In Administrator Panel > Authentication > Provider Order, you can configure the fallback order of your multiple internal authentication providers. External providers don't appear in this list.

Fallback works in these ways:

  1. If an internal provider such as LDAP can't find the user, it always falls back to the next internal authentication provider on the list.
  2. If an internal provider finds the user but find the password invalid, it never falls back to the next provider. An invalid password immediately fails the login. There is never a scenario where more than one password will successfully authenticate a user.
  3. If an internal provider returns any other error message, it falls back to the next provider depending on the Continue on error option on the Provider Order page. Possible errors include the LDAP server being offline, certificate errors, or any other error that stops validating the password against LDAP.

The most common setup with multiple internal providers is to have one or more LDAP server plus default authentication enabled. This configuration allows users who exist in LDAP to login with their LDAP password, while still allowing special users who only exist in Blackboard Learn to login with their internal password.

Using multiple external providers

If more than one external provider is available but no internal providers are available, Blackboard Learn displays the login page but without the normal login form fields. Only the Third Party Account drop down menu appears, so the user needs to select the external provider to login with.

If you want to improve this login flow, you have two options:

Set up multiple URLs and hostname restrictions

If you configure multiple URLs pointing to your Blackboard Learn environment, you can restrict each external provider to only be available on a specific hostname. If a single external provider is the only authentication enabled on a specific hostname, users are automatically redirected to the external login page.

If you are a Managed Hosting or SaaS customer and would like to register additional *.blackboard.com hostnames, please contact Blackboard Support.

Create a custom login page

You can create a custom login page to support your institution's branding. When developing a custom login page, it's important that the link to the external login is not a direct link to the external URL. This is a link to a page in Blackboard Learn that initiates the external login process and immediately redirects the user. To get this URL:

  1. Open the default Blackboard Learn login page.
  2. Expand the Third Party Account drop down menu.
  3. Right click on the link and select Copy Link Address or Copy Link Address.

Copy the URLs from the drop down menu and build a custom login page around them to look and act how you want. You can make larger buttons to help the user pick the correct option.

This method requires some custom development of the login page to look and act how you want it to. Blackboard Support doesn't assist with this customization, but other members of the Blackboard Community may be able to help.

Using a combination of internal and external providers

If you have both internal and external authentication providers available, by default Blackboard Learn login page will show the standard login box plus the third party login drop down. This is often not desired if most users are expected to use the external provider login.

If you want to improve this login flow, you can do it one of a few ways:

Set up multiple URLs and hostname restrictions

If you have a subset of users that need to authenticate through an internal provider, but you want everyone else to get auto-redirected to an external provider, you can setup an alternate hostname and restrict the internal provider to only be available on the alternate hostname. All users going to the original hostname only have the external provider available. The subset users can access the internal provider login page through the alternate hostname. Make sure these users know the correct alternate hostname to access the internal login page.

If you are a Managed Hosting or SaaS customer and would like to register additional *.blackboard.com hostnames, please contact Blackboard Support.

Create a custom login page with the redirect method

If you don't want to use alternate hostnames but still need to allow some users to login through an internal provider, you can create a custom login page that automatically redirects users to the external provider. You can give select users the URL of the default login page. This method supports deep linking.

You can find the default internal login page by adding /webapps/login/login.jsp to your Blackboard Learn environment URL.

  1. The attachment is a plain text file.

  2. Before you upload the file as a custom login page, edit the file extension to use .jsp after you download it to your computer.
  3. Upload the .jsp template as your custom login page. The template will automatically redirect users when at least one external login provider is configured on your Blackboard Learn environment.

With this method, anybody who loads the main URL visits the login page and is quickly redirected to the external login page. Anybody who needs to login with internal credentials can visit the direct URL of the default Blackboard Learn login page.

Create a custom login page with a custom method

Some institutions develop their own custom login page using both the external and internal authentication provider URLs. You can create a larger button for students and instructors to access the chosen authentication provider, and include a smaller link for users who should login with the internal authentication provider.

Further support

Your institution's login process can vary quite a bit depending on which types of authentication providers you have configured and how you want the login flow to act for users. This article aims to help explain the details of the Blackboard Learn's behavior in these situations and how it can be customized to best support your users' needs.

If you have questions about this article or the login processes discussed here, please reach out to Blackboard Support to discuss further.