AnsweredAssumed Answered

Should we be able to lock default email address from being changed?

Question asked by jazemlya@iu.edu on Oct 13, 2015
Latest reply on Dec 7, 2016 by Shandy Beck

So we have run into an interesting situation with our Canvas external tool integration.  Currently we have quite a few external tools installed in our Canvas instance.  Many of these tools are setup to allow access through canvas but also directly though the local login such as Taskstream, Kaltura, Voicethread to name a few.  We have found an interesting issue where students are changing their default email in Canvas.  Our students cannot delete their institutional email as we have that box unchecked in the account settings.  However since students can change their default email address users are creating problems with using the tools outside of Canvas.  Example of issue below:

 

Suzie Student changes her default email address to suzie@yahoo.com instead of suzie@iu.edu.  Suzie then logs in to Taskstream via Canvas integration and her account is created.  However her new Taskstream account is now associated with the primary email address that is passed over via LTI, suzie@yahoo.com.  If Suzie just accessed Taskstream via Canvas then this would be no big deal.  However, if Suzie logs in to Taskstream directly via our Taskstream portal with SSO her institution credentials and email gets passed on to Taskstream.  Taskstream sees there is no account for Suzie@iu.edu and creates a new account.  Now Suzie has a brand new account that is not linked to Canvas and has none of her prior work available to that account because the system sees these accounts as 2 separate users.

 

Doing more research i am finding other tools that we allow multiple entry points where this is happening.  Some portals are not letting users log in via vendor gateways because the emails do not match so it sees the user as not having an account.  It appears that LTI is only allowing the passing of " lis_person_contact_email_primary" and not the institutional email address.  There are no other email parameters that i can find.  Canvas ID and other canvas variables being passed do not help as obviously those will not be passed by our SSO in the vendoer login page.  Email address would be unique and tie the accounts together but if a student changes it then things break as in above.

 

So, should we be able to lock the default email address from being changed?  Users can still add other email addresses and control forwarding via our local university forwarding service.  Any of you LTI and tool experts out there seeing something i am missing?  Maybe a better variable to recommend to vendors to link both entry points (Canvas and vendor portal) so that we do not run into dual accounts setup or blocked access outside of Canvas?  I am kind of surprised no one has run into this issue yet so maybe i am missing something?  Interested in hearing everyone's thoughts.

Outcomes