Learn Core & Security

Mobile app sessions renew without requiring authentication – 3900.106

Blackboard Learn SaaS
Ultra Course View & Original Course View
Impact: All users
Related topic: Account Lock

After the Blackboard App 9.11 is released on December 6, 2024, mobile users must update the Blackboard App on their devices to ensure proper functionality. A red banner indicating session expiration will display for any user who does not update their app.

Administrators can now define the maximum length of time a user can access the mobile app before they are required to login again. This time limit is controlled through an authentication token.  The token allows the app to automatically renew a session without re-authentication, as long as it hasn't expired.

To set the length of a token, go to the Administrator Tool Panel, select Account Lock Settings, and then Mobile App Token Timeout. By default, the mobile token lifetime is set to the maximum of 336 hours (about 2 weeks). The minimum setting is 1 hour.

Image 1. Mobile Token Timeout configuration from Administrator Tool Panel

Administrator panel showing Mobile App Token Timeout configuration

For administrators: The verification process that ends inactive sessions runs every hour. If Use same value as Inactive Session Timeout is selected, and Maximum Activity is less than 60 minutes, the session timeout may not be precise to that value. However, the session timeout will occur in no more than an hour. For security certifications, select Use same value as Inactive Session Timeout to end sessions in the same timeframe. This option works independently of the type of device used to log in. Use these values for the Inactive Session Timeout: FedRAMP Moderate: 30 minutes; IL4: 25 minutes.

Return to December 2024 – 3900.106.0 Release description