Blackboard Learn SAML Single Sign-On (SSO)

This document refers to the Linux operating system. If you are configuring Blackboard Learn on Windows, see http://help.blackboard.com/en-us/Learn/9.1_SP_14/Administrator/100_Authentication/030_Auth_Implementing/Shibboleth_Authentication_Provider_Type.

The following is an overview of the steps required to configure the Blackboard Learn Web application for single sign-on (SSO) via SAML.

  1. Prepare Blackboard Learn for single sign-on.

    • Create Blackboard Learn user accounts and make sure you have a Blackboard Learn account with administrator rights to configure SSO.

  2. Configure the Blackboard Learn application to use Shibboleth.

    By default, Blackboard Learn uses its built-in Apache 1.3.You will need to install Shibboleth on Apache 2 and configure Blackboard Learn to use that. For details, see Configure Shibboleth and Blackboard Learn.

  3. In the Admin Portal, add the application and configure application settings.

    For details, see Configure Blackboard Learn in the Admin Portal. Once the application settings are configured, complete the user account mapping and assign the application to one or more roles.

  4. Integrate the CyberArk IdP to the Shibboleth SP.

For details, see Integrate CyberArk IdP with the Shibboleth SP.

After you have finished configuring the application settings in the Admin Portal and integrating the CyberArk IdP with the Shibboleth SP, users are ready to launch the application from the user portal.

Blackboard Learn requirements for SSO

Before you configure the Blackboard Learn web application for SSO, you need the following:

  • An active Blackboard Learn account with administrator rights for your organization.

  • A signed certificate.

  • You can either download one from the Admin Portal or use your organization’s trusted certificate.

Set up the certificates for SSO

To establish a trusted connection between the web application and the CyberArk Identity, you need to have the same signing certificate in both the application and the application settings in the Admin Portal.

If you use your own certificate, you upload the signing certificate and its private key in a .pfx or .p12 file to the application settings in the Admin Portal. You also upload the public key certificate in a .cer or .pem file to the web application.

What you need to know about Blackboard Learn

Each SAML application is different. The following table lists features and functionality specific to Blackboard Learn.

Capability

Supported?

Support details

Web browser client

Yes

 

Mobile client

Yes

iOS and Android

SAML 2.0

Yes

 

SP-initiated SSO

Yes

If SP-initiated is enabled, IdP-initiated SSO is still supported.

IdP-initiated SSO

No

 

Force user login via SSO only

No

After SSO is enabled, users can continue to log in to Blackboard Learn with their local user name and password.

Separate administrator login after SSO is enabled

Yes

After SSO is enabled, administrators can continue to log in to Blackboard Learn with their local user name and password.

User lockout

Yes

Admin can Make Unavailable a user.

Administrator lockout

No

 

User provisioning through SAML

No

 

Multiple User Types

Yes

Refer to Blackboard Learn documentation for details.

Self-service password

Yes

Users can reset their own passwords. Note that administrators cannot reset a user’s password.

Access restriction using a corporate IP range

Yes

You can specify an IP Range in the Admin Portal Policy page to restrict access to the application.

Configure Shibboleth and Blackboard Learn

By default, Blackboard Learn uses its built-in Apache 1.3.You will need to install Shibboleth on Apache 2 and configure Blackboard Learn to use that. For details, see https://help.blackboard.com/en-us/Learn/9.1_SP_12_and_SP_13/Administrator/060_Installation/Install_UNIX/020_Apache_2

Configure Blackboard Learn in the Admin Portal

Integrate CyberArk IdP with the Shibboleth SP

Blackboard Learn provisioning

SCIM (System for Cross-domain Identity Management) is an open standard for automating the exchange of user identity information between identity domains, or IT systems. It can be used to automatically provision and deprovision accounts for users in external systems such as your custom SAML app. For more information about SCIM, see www.simplecloud.info.

If your Blackboard Learn application supports SCIM, you can set it up to enable provisioning by entering the Access Token and SCIM URL.

For more information about provisioning your app, see Provision accounts with SCIM.

For more information about Blackboard Learn

For more information about configuring Blackboard Learn for SSO: