Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.
Multifactor Authentication
Dale Rusche
Tyro
Please add a Multifactor Authentication setting for Panopto accounts
5
Comments
Admins and other users should be able to set up safe login using Two-factor authentication.
I know that this has been marked as "Will not pursue" but our institution is mandating that all privileged accounts with elevated access to the enterprise must have MFA on them.
Our two options are to either work with vendors to get MFA in front of local accounts, or we will need to delete those local accounts.
I know this is a requirement (or at least a preference) for other customers, so I'd like to see Panopto reopen this topic if possible.
Panopto’s inability or unwillingness to offer this option is difficult to justify. Multi-factor authentication is a basic security control at this point and relatively straightforward to implement.
I understand that implementing and supporting MFA can introduce additional operational and support costs. If that is the concern, one option would be to limit it to a small number of accounts per institution, for example five accounts, to keep the support burden manageable.
The accounts we are asking to secure are administrative accounts, which makes this even more important. These accounts have elevated privileges and represent a much higher risk if compromised, so they should have stronger protections than standard user accounts.
I have to assume the internal accounts Panopto staff use for administrative and support access require MFA.
I agree with others on this thread — our native login accounts have site-wide admin privileges and are a necessary fail-safe measure in case our other authentication methods fail. Due to the elevated privileges, these accounts are particularly sensitive and should be protected by MFA.