Feature Options
Feature options allow institutions to enable newly developed Canvas functionality according to their preferred time frame. Unless otherwise noted, all feature options are opt-in and do not require any action by a Canvas admin until a feature's enforcement date is announced. For a complete list of feature options, please see Canvas LMS Feature Options.
A feature preview label indicates a feature option in active development, which is being built directly through user feedback. Feature previews deploy updates outside the regular Canvas release schedule and are posted in the Related Releases section in Canvas Releases & Deploys.
Please reference the table below each feature heading for specific feature information. For general information about feature options, please see the Canvas Release Notes FAQ.
Authentication
Canvas Authentication Provider Password Options
Admin
| Feature Option Name to Enable | Enhance Password Options |
| Enable Feature Option Location & Default Status | Account (Disabled/Unlocked) |
| Beta Environment Availability | 2024-09-11 |
| Production Environment Availability | 2024-09-21 |
| Subaccount Configuration | No |
| Permissions | Account Level Settings-Manage |
| Affects User Interface | Yes |
| Affected Areas | Authentication |
| Mobile App Support | Not available |
| Free-for-Teacher Availability | Not available |
| Feature Option State | Production-ready |
| Related Ideas | None |
| Related Blog | Adding Password Options to the Canvas Authentication Provider |
Summary
On the Authentication page, admins can customize passwords for Canvas authentication providers when the Enhance Password Options feature is enabled.
Change Benefit
This feature enables admins to more effectively align Canvas usernames and passwords with institutional policy requirements.
Feature Workflow
Password Options Tray
When the Enhance Password Options feature option is enabled, click the View Options button [1] on the Authentication page. Then, select the desired password options from the Password Options tray [2]. After selecting options, admins can preview the text box that users see when setting a new password [3].
Authentication Page Save Button
Once the desired password options are saved, click the Save button on the Authentication page.
Additional Details
At the time of the initial release, there are some known limitations:
- Users with existing passwords that do not comply with updated policies cannot be prompted to update their passwords.
- Passwords in Canvas are cryptographically hashed and not stored in plain text, so it is impossible to identify existing passwords that violate the policy.
- Administrators setting passwords on behalf of another user may not currently be required to follow the password policy, depending on configuration options.
- This functionality may not be enabled for your institution. It is an account setting that can only be activated by Instructure.
- SIS imports of passwords may not currently be required to comply with the password policy.
- SIS import errors may or may not occur after an SIS import, depending on configuration settings.
- If an institution is uploading passwords via SIS import, it is recommended to validate that the passwords meet the configured policies before uploading.
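One way to run the pre-upload check recommended above, as an added example that is not part of the original release notes or Instructure's code. It reads the `user_id` and `password` columns of an SIS `users.csv`; the `POLICY` values and rule names are assumptions and must be set to match what is configured in the Password Options tray.

```python
import csv
import io
import string

# Assumed policy: mirror whatever is configured in the Password Options tray.
POLICY = {"min_length": 12, "require_number": True, "require_symbol": True,
          "forbidden": {"password123!", "canvas2024!!"}}

def check_password(pw, policy=POLICY):
    """Return the list of policy rules that pw breaks (empty list = compliant)."""
    problems = []
    if len(pw) < policy["min_length"]:
        problems.append("too_short")
    if policy["require_number"] and not any(c.isdigit() for c in pw):
        problems.append("no_number")
    if policy["require_symbol"] and not any(c in string.punctuation for c in pw):
        problems.append("no_symbol")
    if pw.lower() in policy["forbidden"]:
        problems.append("forbidden")
    return problems

def audit_users_csv(handle, policy=POLICY):
    """Return (line_number, user_id, problems) for each non-compliant row.

    The password itself is never returned, so the report is safe to log.
    """
    findings = []
    for line_no, row in enumerate(csv.DictReader(handle), start=2):
        pw = row.get("password") or ""
        if not pw:  # no password supplied in this row; nothing to validate
            continue
        problems = check_password(pw, policy)
        if problems:
            findings.append((line_no, row.get("user_id", ""), problems))
    return findings

# Constructed sample in the users.csv layout (not real accounts).
SAMPLE = """user_id,login_id,password,first_name,last_name,status
u1001,asmith,Tr0ub4dor&3-horse,Ann,Smith,active
u1002,bjones,short1!,Bob,Jones,active
u1003,clee,alllowercaseletters,Cy,Lee,active
u1004,dkim,,Dee,Kim,active
u1005,epark,Password123!,Eve,Park,active
"""

if __name__ == "__main__":
    for line_no, user_id, problems in audit_users_csv(io.StringIO(SAMPLE)):
        print(f"line {line_no} user_id={user_id}: {', '.join(problems)}")
```

Because the import file holds plain-text passwords, run the check where the file is generated and report only line numbers and user IDs, as the function does.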
Settings
Limiting Access Token Generation
Admin
Summary
Admins can limit the generation of access tokens with the Admin Manage Access Tokens feature option, the Limit personal access token creation to admins account setting, and the Users - Manage Access Tokens admin permission.
Change Benefit
This feature benefits users by enhancing security and control over access tokens. By limiting token generation to admins, it reduces the risk of unauthorized token creation, helping to prevent potential misuse or security breaches.
Feature Workflow
Admin Manage Access Tokens Feature Option
The Admin Manage Access Tokens feature option is available and disabled by default.
Limit Personal Access Token Creation to Admins Account Setting
When the Admin Manage Access Tokens feature option is enabled, the Limit personal access token creation to admins setting displays in Account Settings. When enabled, this setting allows only admins with the Users - Manage Access Tokens permission to generate access tokens.
Users Manage Access Token Permission
The Users - Manage Access Tokens permission allows admins to create, update, and delete access tokens. This permission is enabled by default.
Disabled Add New Access Token Button
When users do not have the Users-Manage Access Tokens permission, the Add New Access Token button is disabled.
Note: Existing personal tokens are not removed, but unauthorized users are unable to regenerate them.
Token Pending Status
If an admin has both the Users - Manage Access Tokens permission and the Users - act as permission, they can masquerade as a user to generate a token on the user's behalf. This sets the token's status to Pending to prevent unauthorized token generation without the user's knowledge. The access token should then be securely shared with the user by the admin. Additionally, an admin can masquerade as a user to delete that user's existing access tokens and regenerate tokens.
Notes:
- Regenerating an existing access token on behalf of a user will place the token in a pending state, similar to newly generated tokens. The user must activate the token before it can be used. The access token should be securely shared with the user by the admin.
- Tokens generated by an admin on behalf of a user will remain in a pending state until the user navigates to their user settings and activates the token.
- Users will receive an email notification if an access token has been generated on their behalf.
Token Status Activate Link
When an admin generates a token on behalf of a user, the user must click the Activate link. This will change the status to Pending (Activating). Afterward, the user should refresh the screen to see the updated status as Active.