How to Implement Blackboard SSO

Why Would Your Application Implement Blackboard SSO?

Many schools that use Blackboard are interested in vendors that offer content that can integrate with the school's LMS.  Third-party content that supports integrated functions, like SSO, can make life easier for teachers, students, and administrators. In fact, LMS integration is commonly requested in RFPs that are sent out to edtech vendors.

By implementing Blackboard SSO, you allow admins at the schools you work with to manage accounts and passwords through Blackboard rather than your platform. This means you don't have to build or manage a database containing sensitive passwords. Since tech admins are responsible for managing Blackboard passwords, you won't receive as many support tickets from teachers and students who are having trouble figuring out how to sign in.

By building SSO solutions into your platform, you'll also be able to build deeper integrations like syncing courses and sending grades to the Blackboard gradebook. In fact, once a user is signed in with Blackboard, you can build upon almost any functionality that their account has access to.

What to Know When Getting Started With Implementing Blackboard SSO

Blackboard (the company) requires edtech developers who are interested in implementing SSO (or developing any integration with Blackboard) to register for a Blackboard developer account. Registration is required if you are developing either a REST API application or LTI tool.

It is free to register for an account but there may be costs associated with deploying your integration once you reach a certain scale. Deploying an LTI application is typically free.

Blackboard SSO Through API Integration

The first way that Blackboard facilitates SSO integration is through the Blackboard API. The Blackboard REST API implements a version of OAuth 2.0 to authenticate users. With this style of integration, users can start on your website or mobile app and click a "Sign In With Blackboard" button. Blackboard will then prompt the user for their username and password (if they are not already logged into Blackboard). Your app, itself, never sees the password the user entered.

After the user has signed into Blackboard, they are redirected back to your website with a code that corresponds to their account. After exchanging this code, your website or app can ask Blackboard for more details about the user, such as their personal information, their course enrollments, or their homework assignments.

Note that Blackboard requires users to log into the Blackboard environment specific to their school. Your "Sign In with Blackboard" button must direct the user to sign in at their school's custom Blackboard domain.

Doing an SSO integration through the Blackboard API is also the first step to developing deeper integrations. Once a user is authenticated by Blackboard, an app then has the ability to perform functions in Blackboard on behalf of a user, like gathering a list of their courses or sending grades back to their gradebook in the LMS.

Blackboard SSO Through LTI

Blackboard supports LTI 1.1, LTI 1.3, and the LTI Advantage services. LTI apps are designed to be accessed within a course in the LMS. LTI apps must be configured by a teacher or administrator so that students in the course can access the app. Students and teachers can then launch into the application by selecting the tool from their course in Canvas. The process of launching the tool will let the app verify the user's identity and grant the user access.

Note that the sign in is always initiated from the LMS (i.e. students won't visit your website or mobile app to access the resource). After the LTI launch, the developer receives a set of URLs that can be used to perform a limited set of functions, like grade syncing.

What are the challenges of SSO in Blackboard?

There are some issues that app developers commonly encounter when trying to integrate an SSO solution into their platform.

For example, many apps try to identify users who sign in through Blackboard by their email address. Doing this can lead to unforeseen problems and leave users vulnerable.

We also see many developers try to assign a universal role to students, teachers, and administrators in their app based on their role in the LMS. Many LMSs, including Blackboard, allows users to have multiple roles depending on the context.

Furthermore, LTI integration can cause several headaches if you're not prepared. There are several versions of LTI and each LMS handles LTI integrations differently, even if they technically support the same version. Just because you already wrote an LTI app for another LMS, like Moodle, doesn't always mean the app is going to work the same way in Blackboard. You can also run into trouble if you are converting a mobile app into an LTI-accessible resource.

Additionally, Blackboard's implementation of OAuth 2 is somewhat non-standard. While it still technically follows the OAuth 2 specification, Blackboard's implementation has quirks that aren't generally present in other platforms that use OAuth 2.

Note that large schools and universities may be running different versions of Blackboard on their own in-house servers. Others may use a cloud service, like Blackboard Learn Ultra. An API or LTI app that works for one district's Blackboard environment might appear or work differently in another's.


Read More on Blackboard:

Read these other articles we've written on Blackboard and integrations.

If you're looking for a partner to guide you through developing Google Classroom integrations, then let us introduce ourselves. We're Edlink!