Why Would a Product Implement Blackboard SSO?

Many schools that use Blackboard are interested in vendors that offer content that can integrate with the school's LMS. Third-party content that supports integrated functions, like SSO, can make life easier for teachers, students, and administrators.

By implementing Blackboard SSO, developers let school IT admins to manage accounts and passwords through Blackboard rather than the product. Developers don't have to build or manage a database containing sensitive passwords. Since these IT admins are responsible for managing Blackboard passwords, developers won't receive as many support tickets from teachers and students who are having trouble figuring out how to sign in.

By building SSO solutions into products, developers will also be able to build deeper integrations like syncing courses and sending grades to the Blackboard gradebook.

What to Know When Starting to Implement Blackboard SSO

Blackboard (the company) requires edtech developers who are interested in implementing SSO (or developing any integration with Blackboard) to register for a Blackboard developer account. Registration is required to develop either a REST API application or LTI tool.

It is free to register for an account but there may be costs associated with deploying the integration once the integration has reach a certain scale. Deploying an LTI application is typically free.

Blackboard SSO through API Integration

The first way that Blackboard facilitates SSO integration is through the Blackboard API. The Blackboard REST API implements a version of OAuth 2.0 to authenticate users. With this style of integration, users can head to the product and click a "Sign In With Blackboard" button. Blackboard will then prompt the user for their username and password (if they are not already logged into Blackboard). The product never sees the password the user entered.

After the user signed into Blackboard, they are redirected back to the product with a code that corresponds to user’s account. After exchanging this code, the product can ask Blackboard for more details about the user, such as their

  • personal information,
  • course enrollments, or
  • homework assignments.

Note that Blackboard requires users to log into the Blackboard environment specific to their school. The product’s "Sign In with Blackboard" button must direct the user to sign in at the user’s custom Blackboard domain (from the school).

Blackboard SSO through an LTI Standard Integration

Blackboard supports the LTI 1.1, LTI 1.3, and the LTI Advantage services specifications. Blackboard also notes that “LTI 2.0 is supported on Blackboard Learn Q4 2017 and later. LTI 1.0 is supported on Blackboard Learn 9.1 SP4 and later. LTI 1.1 is supported on Blackboard Learn 9.1 SP10 and above.”

LTI apps are designed to be accessed within a course in the LMS. LTI apps must be configured by a teacher or administrator so that students in the course can access the app. Students and teachers can then launch into the application by selecting the tool from their course in Canvas. The process of launching the tool will let the app verify the user's identity and grant the user access.

Note that the sign in is always initiated from the LMS (i.e. students won't visit a website or mobile app to access the resource). After the LTI launch, the developer receives a set of URLs that can be used to perform a limited set of functions, like grade syncing.

What are the challenges of SSO in Blackboard?

There are some issues that developers commonly encounter when trying to integrate an SSO solution into their platform. For example, many products try to identify users who sign in through Blackboard by the user’s email address. Doing this can lead to unforeseen problems and leave users vulnerable.

Sometimes developers also try to assign a universal role to students, teachers, and administrators in their product based on the user’s role in the LMS. Many LMSs, including Blackboard, allows users to have multiple roles depending on the context.

Furthermore, LTI integration can cause several headaches if the developer is not prepared. There are several versions of LTI and each LMS handles LTI integrations differently, even if they technically support the same specification. Just because there’s already an LTI app written for another LMS, like Moodle, it doesn't always mean the app is going to work the same way in Blackboard. Developers can also run into trouble if they are converting a mobile product into an LTI-accessible resource.

Additionally, Blackboard's implementation of OAuth 2 is somewhat non-standard. While it still technically follows the OAuth 2 specification, Blackboard's implementation has quirks that aren't generally present in other platforms that use OAuth 2.

Note that large schools and universities may be running different versions of Blackboard on their own in-house servers. Others may use a cloud service, like Blackboard Learn Ultra. An API or LTI app that works for one district's Blackboard environment might appear or work differently in another's.

Read More on Blackboard:

Read these other articles we've written on Blackboard and integrations.

If you're looking for a partner to guide you through developing Google Classroom integrations, then let us introduce ourselves. We're Edlink!