I would like to throw my support behind this request. We have had issues with broken access to LTIs because they, by default, identify users using the default email address - so when a student changes their default, it can disrupt LTI services, often by creating a second account for the user. We have also had concerns with LTI vendors having access to users' personal email addresses. Since we now provide university-hosted email for students and faculty, our university is implementing a policy where the university account is expected to be used in university-hosted applications.
Because there is no built-in setting to disble users from modifying their default email address, we have had to resort to CSS code to hide settings in the UI that allow users to change their default email. However, we are finding that some users may still be able to modify their default address. We really need a more secure way of locking-down this user account attribute, please.
... View more