Password Protected Link (Secure External Sharing)
Michael Espey
Superstar
There is a need to share a video, but also have it require a password for viewership. There are a few potential ways of doing this, but none that are great, and today they all leave the underlying video open when Panopto is used to host the video.
As Panopto increases saturation into other areas (beyond our core Lecture Capture needs), having this sort of flexibility is going to be important.
If there was a solid integration with SharePoint, that may meet our needs in this case, but there are situations where that wouldn't be enough.
Thank you,
Michael
Also, more detail from Elba:
Not being able to share "securely" puts a damper on collaborations with external partners.
I don't know how secured sharing can be achieved. Adding features like "guest password" or "expiration" date for viewing don't address security either.
Currently when one shares a session with someone outside the institution, using their email, the shared session becomes "public".
- The invitee can share link with others.
- Others can play the video without signing in, and they can share video as well.
See issue replicated below.
INVITE PEOPLE
NOTIFY PEOPLE, SEND & SAVE CHANGES
WHO HAS ACCESS
EMAIL RECEIVED ON MOBILE DEVICE. THE "COPY LINK" OPTION IS AVAILABLE AND IS SHARED WITH A SECOND PERSON.
VIDEO LINK IS RECEIVED AND PLAYED BY SECOND PERSON.
The video session in the Panopto folder for a course becomes public, and students can share the URL. In the case below, a student in the class shared the video URL with external user (the third person to receive the link). The student sharing was "not" the invited by the creator.
Comments
I agree with this request. Other vendors have this feature. This feature is useful when sharing videos with external entities. For example, we have a Professional Sales competition, students record their sales pitches. The instructor shares the links with external users, and they have requested the ability to add a password as an extra level of security.
+1. Being able to password protect an entire folder or an individual video would be great!
@Michael Espey @Carlos Coronel @Chris Smith - Have you tried our email invitation feature? I only ask because that feature is off by default and customers aren't always aware of it. Our thinking is that this is actually a more secure way to share content externally as you can easily revoke a particular user/token if needed.
Never heard of this feature. How many "hidden" super-admin level features are there that we don't know about it?
As long as Panopto is working on upgrading:
1) A unified, simple to use, feature-rich recorder, with a visual indicator in the system tray for audio, virtual backgrounds, etc.
2) An updated editor, with support for text, graph overlays, ability to assign caption editors
3) A mobile player with the ability to switch among multiple sources
I better stop here, the list could get large....
@Dave Hannan I really appreciate the reply and the suggestion. I have had the email invitation feature that you mentioned on for a while (where you can send a unique link that allows "Anyone with the link" access even if the folder/session are set another way), and it does work well but for this purpose we needed it to go a bit further. In the case that drove the request, there was a large list of people who needed to be able to share a few videos, but not edit, and a larger list of people who needed access at a moments notice. The vendor who was providing the content also wanted these materials to be behind a password; not a requirement but a suggestion.
They are not confidential materials, but they are somewhat graphic. The department wanted to have them obscured a bit more than just a link. My idea was to use the email invitation to give each office their own link to share, and if there was a password we could add to that link, it would've been a great solution.
It would be perfect if we could generate unique links, just like how the email invitation works, but without the need to send it via an automated email from Panopto. With that change, it would be good to be able to add things like availability windows, passwords, and groups to specific links. Similar to how Office 365 works. I think also having the ability to set a password across the board for a session/folder for any viewership would be good.
In the end, I agree that a unique token for each user is much more secure, but in this case that wouldn't work just because of the volume of users.
@Carlos Coronel Here is the feature in question: https://support.panopto.com/s/article/Share-Videos-via-Email-Invitation
It looks like it is on by default now.
Not being able to share "securely" puts a damper on collaborations with external partners.
I don't know how secured sharing can be achieved. Adding features like "guest password" or "expiration" date for viewing don't address security either.
Currently when one shares a session with someone outside the institution, using their email, the shared session becomes "public".
See issue replicated below.
INVITE PEOPLE
NOTIFY PEOPLE, SEND & SAVE CHANGES
WHO HAS ACCESS
EMAIL RECEIVED ON MOBILE DEVICE. THE "COPY LINK" OPTION IS AVAILABLE AND IS SHARED WITH A SECOND PERSON.
VIDEO LINK IS RECEIVED AND PLAYED BY SECOND PERSON.
The video session in the Panopto folder for a course becomes public, and students can share the URL. In the case below, a student in the class shared the video URL with external user (the third person to receive the link). The student sharing was "not" the invited by the creator.
Having passwords and automatic expirations per link would bring things a lot closer to what we might want and would cover most of our external needs.
I think, in general, having the ability to limit the number of views an individual has available would meet several needs that we have. If you could set each individual has 2 views of a video available that would both allow us to use Panopto videos in exams, but it would also allow us to send a link to an external user that can only be opened a single time (with the content owners still having the ability to extend that access to work for more views where appropriate). If there was a note in the sharing email that indicated that the link was only good for one or two views, they will be much less likely to share that access.
There is nothing stopping them from recording their screen, but having the ability to send secure (or semi-secure) links is the first step.
Even for the "public" links to non-public content, there are use cases for those modes, but I think there needs to be some sort of tracking available for the use of these links. Having a simple count of the number of times a link has been opened would be good, but if there was a notification when a link might've been shared beyond that individual, that would be great. Something like if a link gets a marked increase in use then the content owner is notified or the link is suspended automatically.
What Panopto has today in this area is good, and the lift to go from good to great is heavy, but I believe it is a worthy one.
Simply allowing creation of external accounts and therefore requiring authentication sounds relatively simple.
Share via email -> If the user doesn't have an account in our Panopto instance -> When they click they link Panopto creates their account and forces them to set a password. This would require the use of Panopto local accounts and we would need the login screen to display Panopto local accounts, but it would be pretty easy.
@Michael Espey and @Charles Barbour , thanks for your feedback and ideas for solving secure sharing outside the institution. The ability to limit the number of views an individual has available would meet several needs that we have is a good option. Also, allowing the creation of external accounts, requiring authentication, is also a very good idea. I have pitched link expiration.
@Cait McCabe , is there something in the roadmap for "sharing" sessions securely, when inviting people outside the institution (via email)?
Thank you!
We've actually having departments and faculty sponsor university guest email accounts for external individuals. They don't have additional access to university content except on Panopto. That has worked out well for people who want to share content with donors or others who may need access to the content.
Like Elaine, we have created accounts for external users. We have a Professional Sales competition that is judged by several external experts. We create accounts for them and then share the folder(s) with them. Once the competition is over we change the passwords.
Hi folks,
@Caitlin McCabe - Do you have an update for us about this feature request. Is it or will it be on the roadmap? Much thanks. - Elba
@Elba Rios An update on this feature request is not yet available. We don't yet have a list available of what features we're committed to for the next major release in late 2022.
This would be particularly helpful for institutions that require FERPA compliance! (Like all Universities) A secure option for sharing with individuals outside of the institution would reduce accidental/unintentional oversharing.!
two thumbs-up for this feature request.
Agree. There are some instances in which we need to have a second level of access protection. This is a good "optional" feature to have. However, it needs to be balanced with the access rights - if someone has access to the video, should him/her need to enter the password? Maybe add a "mandatory" option so everyone must enter the password.