Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.

A Message to Our Customers Regarding the Canvas Security Incident

Brianna ParkerBrianna Parker Administrator
in Announcements

We are aware of the security incident affecting Canvas and want to reach out directly to our shared customers and school partners with transparency and care.

Panopto systems and data have not been affected by this incident. Our platform operates independently, and we have no indication that any Panopto customer data has been compromised.

We understand this is an unsettling situation for many of you, and we want to support you in any way we can. If you are concerned about the connection between Canvas and Panopto and would like to temporarily disconnect the integration until this situation is resolved, you can do so by following these steps:

  1. Log in to Panopto using an administrator account
  2. Navigate to Identity Providers in your settings
  3. Click edit next to your Canvas IDP
  4. Clear the Admin Token, Client ID, and Client Secret fields

Please note: Removing these credentials will break the Canvas–Panopto integration, meaning users will no longer be able to log in to Panopto through Canvas. Before taking this step, please ensure that administrators and key users have an alternative way to access Panopto so the integration can be restored when you are ready.

To re-enable the integration, you can follow the guide found here: How to Set Up the Canvas Integration for LTI 1.3.

We will continue to monitor the situation closely and will provide updates as new information becomes available. The security and trust of our customers is our top priority, and we are here to help.

If you have questions or need assistance, please reach out to our support team at [email protected].

— The Panopto Team

Tagged:

Comments

  • Brianna ParkerBrianna Parker Administrator

    Last Updated on May 8 at 3 pm ET

    Instructure has shared new details about the Canvas security incident. According to their latest communication, the attack vector was limited to Free-For-Teacher accounts, and they have found no evidence that the compromise extended further or that threat actors maintain ongoing access. As part of their response, Free-For-Teacher accounts have been taken offline.

    For institutions that wish to rotate their Admin Token, Client ID and Client Secrets you can do so by following steps 2-5 in our setup guide found here: How to Set Up the Canvas Integration for LTI 1.3.

    We continue to actively monitor the situation and are prepared to take mitigatory action should we receive information about or identify additional risk to your data.

Sign In or Register to comment.