Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.

Password Protected Link (Secure External Sharing)

Michael EspeyMichael Espey Superstar
edited June 2023 in Feature Requests

There is a need to share a video, but also have it require a password for viewership. There are a few potential ways of doing this, but none that are great, and today they all leave the underlying video open when Panopto is used to host the video.

As Panopto increases saturation into other areas (beyond our core Lecture Capture needs), having this sort of flexibility is going to be important.

If there was a solid integration with SharePoint, that may meet our needs in this case, but there are situations where that wouldn't be enough.

Thank you,

Michael

Also, more detail from Elba:

Elba RiosMay 2021 

Not being able to share "securely" puts a damper on collaborations with external partners.

I don't know how secured sharing can be achieved. Adding features like "guest password" or "expiration" date for viewing don't address security either.

Currently when one shares a session with someone outside the institution, using their email, the shared session becomes "public".

  1. The invitee can share link with others.
  2. Others can play the video without signing in, and they can share video as well.

See issue replicated below.

INVITE PEOPLE


NOTIFY PEOPLE, SEND & SAVE CHANGES


WHO HAS ACCESS


EMAIL RECEIVED ON MOBILE DEVICE. THE "COPY LINK" OPTION IS AVAILABLE AND IS SHARED WITH A SECOND PERSON.


VIDEO LINK IS RECEIVED AND PLAYED BY SECOND PERSON.


The video session in the Panopto folder for a course becomes public, and students can share the URL. In the case below, a student in the class shared the video URL with external user (the third person to receive the link). The student sharing was "not" the invited by the creator.


32 votes

Tracking · Last Updated

Comments

  • I agree with this request. Other vendors have this feature. This feature is useful when sharing videos with external entities. For example, we have a Professional Sales competition, students record their sales pitches. The instructor shares the links with external users, and they have requested the ability to add a password as an extra level of security.

  • +1. Being able to password protect an entire folder or an individual video would be great!

  • Dave HannanDave Hannan Administrator

    @Michael Espey @Carlos Coronel @Chris Smith - Have you tried our email invitation feature? I only ask because that feature is off by default and customers aren't always aware of it. Our thinking is that this is actually a more secure way to share content externally as you can easily revoke a particular user/token if needed.

  • Never heard of this feature. How many "hidden" super-admin level features are there that we don't know about it?

    As long as Panopto is working on upgrading:

    1) A unified, simple to use, feature-rich recorder, with a visual indicator in the system tray for audio, virtual backgrounds, etc.

    2) An updated editor, with support for text, graph overlays, ability to assign caption editors

    3) A mobile player with the ability to switch among multiple sources

    I better stop here, the list could get large....

  • @Dave Hannan I really appreciate the reply and the suggestion. I have had the email invitation feature that you mentioned on for a while (where you can send a unique link that allows "Anyone with the link" access even if the folder/session are set another way), and it does work well but for this purpose we needed it to go a bit further. In the case that drove the request, there was a large list of people who needed to be able to share a few videos, but not edit, and a larger list of people who needed access at a moments notice. The vendor who was providing the content also wanted these materials to be behind a password; not a requirement but a suggestion.

    They are not confidential materials, but they are somewhat graphic. The department wanted to have them obscured a bit more than just a link. My idea was to use the email invitation to give each office their own link to share, and if there was a password we could add to that link, it would've been a great solution.

    It would be perfect if we could generate unique links, just like how the email invitation works, but without the need to send it via an automated email from Panopto. With that change, it would be good to be able to add things like availability windows, passwords, and groups to specific links. Similar to how Office 365 works. I think also having the ability to set a password across the board for a session/folder for any viewership would be good.

    In the end, I agree that a unique token for each user is much more secure, but in this case that wouldn't work just because of the volume of users.

  • @Carlos Coronel Here is the feature in question: https://support.panopto.com/s/article/Share-Videos-via-Email-Invitation

    It looks like it is on by default now.

  • Elba RiosElba Rios Whiz Kid

    Not being able to share "securely" puts a damper on collaborations with external partners.

    I don't know how secured sharing can be achieved. Adding features like "guest password" or "expiration" date for viewing don't address security either.

    Currently when one shares a session with someone outside the institution, using their email, the shared session becomes "public".

    1. The invitee can share link with others.
    2. Others can play the video without signing in, and they can share video as well.

    See issue replicated below.

    INVITE PEOPLE

    NOTIFY PEOPLE, SEND & SAVE CHANGES

    WHO HAS ACCESS

    EMAIL RECEIVED ON MOBILE DEVICE. THE "COPY LINK" OPTION IS AVAILABLE AND IS SHARED WITH A SECOND PERSON.

    VIDEO LINK IS RECEIVED AND PLAYED BY SECOND PERSON.


    The video session in the Panopto folder for a course becomes public, and students can share the URL. In the case below, a student in the class shared the video URL with external user (the third person to receive the link). The student sharing was "not" the invited by the creator.


  • Having passwords and automatic expirations per link would bring things a lot closer to what we might want and would cover most of our external needs.

    I think, in general, having the ability to limit the number of views an individual has available would meet several needs that we have. If you could set each individual has 2 views of a video available that would both allow us to use Panopto videos in exams, but it would also allow us to send a link to an external user that can only be opened a single time (with the content owners still having the ability to extend that access to work for more views where appropriate). If there was a note in the sharing email that indicated that the link was only good for one or two views, they will be much less likely to share that access.

    There is nothing stopping them from recording their screen, but having the ability to send secure (or semi-secure) links is the first step.

    Even for the "public" links to non-public content, there are use cases for those modes, but I think there needs to be some sort of tracking available for the use of these links. Having a simple count of the number of times a link has been opened would be good, but if there was a notification when a link might've been shared beyond that individual, that would be great. Something like if a link gets a marked increase in use then the content owner is notified or the link is suspended automatically.

    What Panopto has today in this area is good, and the lift to go from good to great is heavy, but I believe it is a worthy one.

  • Simply allowing creation of external accounts and therefore requiring authentication sounds relatively simple.

    Share via email -> If the user doesn't have an account in our Panopto instance -> When they click they link Panopto creates their account and forces them to set a password. This would require the use of Panopto local accounts and we would need the login screen to display Panopto local accounts, but it would be pretty easy.

  • Elba RiosElba Rios Whiz Kid

    @Michael Espey and @Charles Barbour , thanks for your feedback and ideas for solving secure sharing outside the institution. The ability to limit the number of views an individual has available would meet several needs that we have is a good option. Also, allowing the creation of external accounts, requiring authentication, is also a very good idea. I have pitched link expiration.

    @Cait McCabe , is there something in the roadmap for "sharing" sessions securely, when inviting people outside the institution (via email)?

    Thank you!

  • We've actually having departments and faculty sponsor university guest email accounts for external individuals. They don't have additional access to university content except on Panopto. That has worked out well for people who want to share content with donors or others who may need access to the content.

  • Like Elaine, we have created accounts for external users. We have a Professional Sales competition that is judged by several external experts. We create accounts for them and then share the folder(s) with them. Once the competition is over we change the passwords.

  • Hi folks,

    • Passwords on videos have been highly requested by our user base as well.
    • I think that if someone is 'named' on a video's permissions, it should automatically forgo the password requirement
    • Expiring links would be helpful for this as well.
  • Elba RiosElba Rios Whiz Kid

    @Caitlin McCabe - Do you have an update for us about this feature request. Is it or will it be on the roadmap? Much thanks. - Elba

  • KathrynKathryn Administrator

    @Elba Rios An update on this feature request is not yet available. We don't yet have a list available of what features we're committed to for the next major release in late 2022.

  • Bonnie PowersBonnie Powers Crackerjack

    This would be particularly helpful for institutions that require FERPA compliance! (Like all Universities) A secure option for sharing with individuals outside of the institution would reduce accidental/unintentional oversharing.!

    two thumbs-up for this feature request.

  • Agree. There are some instances in which we need to have a second level of access protection. This is a good "optional" feature to have. However, it needs to be balanced with the access rights - if someone has access to the video, should him/her need to enter the password? Maybe add a "mandatory" option so everyone must enter the password.

Sign In or Register to comment.