Administrator Documentation

Using Local Login During an SSO Outage in Brightspace

This article provides guidance for enabling local login access during an SSO outage and restoring SSO access once the issue is resolved.

During Network Downtime

A. Actions for Super Admins

Step	Details
1	Log in Locally Access Brightspace using the local login page: (https://[clientdomain]/d2l/local))
2	Update Login Path Go to the configuration variable: d2l.Tools.Login.OrgLoginPath Note the current SSO URL (you will need this URL once the SSO is available) Change the URL to https://[yourdomain]/d2l/local If the client domain is unavailable, use the default Brightspace URL: https://[clientshortname].brightspace.com/d2l/local
3	Verify Permissions For each role that should have local login access, ensure that the permission Disable Allowing Local Login is not enabled Ensure Disable Allowing Local Login is not enabled. To change the permission, go to Admin Tools > Roles and Permissions > [Role] > Local Authentication Security
4	Update the Login Page Navigate to Admin > Login Page Management and add a message such as: Current access via SSO is unavailable. Please click on Forgot Password to receive a temporary local login password. Expand Advanced Settings and check that Display Local Form Display is set to Expanded and that Do not include a forgot password link is unchecked.
5	Announce Login URL change Follow your organisation’s policies on announcing the URL change

B. Student/Instructor User Workflow

Step	Instruction
1	Access the local login page. (https://[clientdomain]/d2l/local)
2	Click Forgot Password to receive a temporary password.
3	Log in using the new password.
4	Access Brightspace as usual.

C. Actions for Super Admins

Step	Instruction
1	Restore SSO Login Path Go to the configuration variable: d2l.Tools.Login.OrgLoginPath Revert the value to the original SSO URL that you noted This can also be managed via the SAML Administration screen
2	Update the Login Page Modify the login message to: Access via SSO has been restored. Local login is now disabled.
3	Announce Follow your organisation's policies on announcing that the SSO access has been restored.
3	Reset Permissions For each role that should not have local login access, ensure that the permission Disable Allowing Local Login is enabled To change the permission, go to Admin Tools > Roles and Permissions > [Role] > Local Authentication Security> Disable Allowing Local Login Alternatively, via API: Send a POST request to: /d2l/api/lp/(version)/localauthenticationsecurity/overrides/ This will reset all users to disallow local login. Ensure proper authentication and payload formatting.
4	Note: Local Login passwords set during the local login period remain unchanged after reverting to SSO access.
5	Confirm SSO Access Users should now log in via SSO

D. Student/Instructor user workflow:

Step	Outcome
1	Local login access is disabled
2	Users access Brightspace via SSO
3	Users log in using SSO credentials