Configuring SAML SSO for Blackboard

This guide offers step-by-step instructions to configure single sign-on to Blackboard through ADSelfService Plus.

Prerequisite

1. Log in to the ADSelfService Plus console with admin credentials.
2. Navigate to  Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select Blackboard from the applications displayed.
   Note: You can also find Blackboard application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
3. Click IdP details in the top-right corner of the screen.
4. In the pop-up that appears, copy the Entity ID and click the Download Metadata file link.
   
   

Blackboard (Service Provider) configuration

1. Log in to Blackboard with admin credentials.
2. Navigate to System Admin → Authentication.
3. Select Create Provider → SAML. Enter the following settings.
   • Name → Type an appropriate name.
   • Authentication Provider → set as Active.
   • User Lookup Method → Username.
   • Restrict by Hostname → Use this provider for any hostnames.
   • Link Text → Type an appropriate link text.
4. Select Save and Configure.
5. In the Entity ID field of the Service Provider Settings, enter the Entity ID from step 4.

6. In the Single Logout Service Type, check the Post and Redirect checkbox.

   

7. Select the Data Source for which single sign-on must be enabled from the given drop-down list.

   
8. Select Identity Federation for the Identity Provider Type.

9. In the Discovery Service URL, enter the Login URL from step 5.

   
10. For the Metadata File, upload the downloaded metadata file from step 5.
11. In the Remote User ID field, select NameID.

12. Map the SAML attribute names with valid user attributes such as,

    • First Name as first_name

    • Last Name as last_name

    • Email as mail

ADSelfService Plus (Identity Provider) configuration steps

1. Navigate to ADSelfService Plus' Blackboard Configuration page
2. Enter the Application Name and Description.
3. In the Assign Policies field, select the policies for which SSO need to be enabled.
   Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
4. Select Enable Single Sign-On.
5. Enter the Domain Name of your Blackboard account. For example, if you use johndoe@thinktodaytech.com to log in to Blackboard, then thinktodaytech.com is the domain name.
6. In the SP identifier field, enter the name of your organization found in the Blackboard portal URL. For example, if the portal URL is thinktoday.blackboard.com, the SP Identifier is thinktoday.
7. Enter the Assertion Consumer Service URL provided by your application service provider in the Assertion Consumer Service URL field. If required, click the + button next to the text field to add multiple Assertion Consumer URLs. These values can be found in the application's SSO configuration page or metadata. Please reach out to your application's support team if you are having trouble locating the Assertion Consumer Service URL in your application's user interface or metadata.
8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.

Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application

9. Click Add Application