Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.

Make "sharing" secure when inviting people outside the institution (via email) to view a session.

Not being able to share "securely" puts a damper on collaborations with external partners.

I don't know how secured sharing can be achieved. Adding features like "guest password" or "expiration" date for viewing don't address security either.

Currently when one shares a session with someone outside the institution, using their email, the shared session becomes "public".

  1. The invitee can share link with others.
  2. Others can play the video without signing in, and they can share video as well.

See issue replicated below.

INVITE PEOPLE

NOTIFY PEOPLE, SEND & SAVE CHANGES

WHO HAS ACCESS

EMAIL RECEIVED ON MOBILE DEVICE. THE "COPY LINK" OPTION IS AVAILABLE AND IS SHARED WITH A SECOND PERSON.

VIDEO LINK IS RECEIVED AND PLAYED BY SECOND PERSON.


The video session in the Panopto folder for a course becomes public, and students can share the URL. In the case below, a student in the class shared the video URL with external user (the third person to receive the link). The student sharing was "not" the invited by the creator.


8 votes

New · Last Updated

Comments

  • Having passwords and automatic expirations per link would bring things a lot closer to what we might want and would cover most of our external needs.

    I think, in general, having the ability to limit the number of views an individual has available would meet several needs that we have. If you could set each individual has 2 views of a video available that would both allow us to use Panopto videos in exams, but it would also allow us to send a link to an external user that can only be opened a single time (with the content owners still having the ability to extend that access to work for more views where appropriate). If there was a note in the sharing email that indicated that the link was only good for one or two views, they will be much less likely to share that access.

    There is nothing stopping them from recording their screen, but having the ability to send secure (or semi-secure) links is the first step.

    Even for the "public" links to non-public content, there are use cases for those modes, but I think there needs to be some sort of tracking available for the use of these links. Having a simple count of the number of times a link has been opened would be good, but if there was a notification when a link might've been shared beyond that individual, that would be great. Something like if a link gets a marked increase in use then the content owner is notified or the link is suspended automatically.

    What Panopto has today in this area is good, and the lift to go from good to great is heavy, but I believe it is a worthy one.

  • Simply allowing creation of external accounts and therefore requiring authentication sounds relatively simple.

    Share via email -> If the user doesn't have an account in our Panopto instance -> When they click they link Panopto creates their account and forces them to set a password. This would require the use of Panopto local accounts and we would need the login screen to display Panopto local accounts, but it would be pretty easy.

  • Elba RiosElba Rios Whiz Kid

    @Michael Espey and @Charles Barbour , thanks for your feedback and ideas for solving secure sharing outside the institution. The ability to limit the number of views an individual has available would meet several needs that we have is a good option. Also, allowing the creation of external accounts, requiring authentication, is also a very good idea. I have pitched link expiration.

    @Cait McCabe , is there something in the roadmap for "sharing" sessions securely, when inviting people outside the institution (via email)?

    Thank you!

  • Elaine MelloElaine Mello Crackerjack

    We've actually having departments and faculty sponsor university guest email accounts for external individuals. They don't have additional access to university content except on Panopto. That has worked out well for people who want to share content with donors or others who may need access to the content.

  • Like Elaine, we have created accounts for external users. We have a Professional Sales competition that is judged by several external experts. We create accounts for them and then share the folder(s) with them. Once the competition is over we change the passwords.

  • Darren RichardsDarren Richards Crackerjack

    Hi folks,

    • Passwords on videos have been highly requested by our user base as well.
    • I think that if someone is 'named' on a video's permissions, it should automatically forgo the password requirement
    • Expiring links would be helpful for this as well.
Sign In or Register to comment.