Just-in-Time (JIT) provisioning describes the ability to create or update accounts for trusted end users when they access a new service or system. This lets you avoid manually verifying identity between the system where a user's account is hosted and the new system they're trying to access.
JIT provisioning improves collaboration among individuals and institutions by facilitating access to shared courses, training, and other activities provided through Blackboard Learn. Administrators can focus on other tasks after enabling JIT provisioning because it automates routine processes, such as creating accounts and enrolling students in a course. JIT provisioning also gives users flexibility and improves their experience using these cloud-based educational technologies.
You can use this technology to let users access Blackboard Learn across institutions. There are two methods to implement JIT provisioning in Blackboard Learn: enable SAML authentication providers or configure Shibboleth to authenticate external user accounts.
After you enable and configure JIT provisioning, Blackboard Learn automatically creates new user accounts in your local system for individuals who authenticate with their account from another institution. Administrators can establish this kind of connection with institutions of their choice.
For example, a student from College A wants to take a course with a specific instructor at College B. The instructor can't formally enroll the student in their course until the student has a Blackboard Learn account with College B. College A and B are both members of trust federations and have enabled JIT provisioning, so the student can log in to College B's Blackboard Learn system using their account from College A. College B's Blackboard Learn system automatically creates an account for the student when they log in. The student tells the instructor their username, and the instructor can enroll the student in the course.
You can map specific attributes in your Blackboard Learn environment for users who authenticate using external accounts. When a new account is created, the role and privileges for that account are determined based on these details in the external account.
When you enable automatic user account creation, Blackboard Learn will try to match the user's identity provider account information with user information in the system. There are three possible results:
- If Blackboard Learn finds no match, the system will create a user account and course memberships according to the data it receives from the external institution (the identity provider).
- If the user account already exists from the same data source or with a compatible data source, then the user's information in Blackboard Learn is updated according to the received data.
- If the user account exists, but data source doesn't match, then login will fail.
You can use JIT provisioning to automatically enroll students in a specific course when they log in to Blackboard Learn. Before you begin, the course must already exist in your institution's Blackboard Learn environment.
When the user logs in, the system updates the user's enrollments to include the course you specify. When a user is enrolled in a course, they will also be assigned a course role based on the mapped attributes for Blackboard Learn roles and course roles. For example, if a user is identified as an instructor when they authenticate with their external account, they can be granted instructor privileges in the course as well.
Some users may want to participate in a public group or organization, but do not have an account in system. In this case, a user can enroll in the group or organization using their credentials from any other institution that is a member of Internet2. This process is similar to User Creation/Provisioning, but you must map different attributes.
You can set up JIT provisioning two ways in Blackboard Learn.
- Install and configure the SAML Authentication Provider Building Block.
- Configure Shibboleth to authenticate users from external institutions.