| Request No. | 2018-33 |
|---|---|
| Date of Request | June 28, 2018 / August 2, 2018 |
| Requester | Dave Stephens |
| Application(s) | SSO Proxy |
| Section / Page | |
| Steering Hearing Date | |
| Proposed Change to Download File | |
| Proposed Change to Residency Logic |
Problem / Issue
Enhance the SSO Proxy sign-in page to better clarify to students where they are and why they are being re-directed there.
1) Update on status of the following OpenCCC enhancement requests (Donohue)
a. Removal and replacement of the .net domain (as .com and .net are all easy to obtain and commonly used in spoofing efforts).
b. Clearer language and/or imagery that affirms that the OpenCCC and CCC ID mechanisms are actually legitimate. (i.e. "We know you might not be expecting this, but...", etc.). This can easily be accomplished by embedding a short (20-30 second) screencast video. c. Consideration of custom subdomains per CCC point of origination in conjunction with (or w/o) #1 above (i.e. "butte.openccc.edu/idp/profile/SAML2/Redirect/SSO?execution=e4s1")
Notes from meeting:
Reiterated that the college co-branding is needed. College logo branded header is the best decision.
Reiterated the amount of concerns from students saying "Is this legit?"
Reiterated need for a short embedded video (why am I here?)
- add the college co-branded logo to this page (coming from MIS code)
- Add language that this is a ONE time process, your data is safe
- SSN
- Add a canvas or other app logo next to the banner/header of the page
- Add some clarifying language to the sign in fields to identify OpenCCC sign-in creds
Faculty HAVE BEEN filtered out from the proxy flow - they won't see it unless they are ONLY students
IF faculty are also students, they could be informed that they really should be going through the proxy but are currently filtered only.
Butte needs to set up a flyer for 10K incoming students (about this process to convey legitimacy of THIS proxy / Canvas process)
Concerns from Butte: Ensure SSO is in place across the board.
Regarding the pre-seeding CCCID process that Butte is sending out to the students, make sure they have the correct URL (we confirmed this during our meeting)
Butte's message to students will go out by 8/15. (Patty, Get copy of the message they are sending out.)
Matt Norris added that ES is working on a questionnaire which will include their custom URL (vanity url) (ask the OEI CSM has a list of vanity URLs)
Proposed Solution
Butte College and others have been whitelisted from the proxy for any students
Do another round of tests - to ensure the whitelisting is in place as expected.
Currently, the following logic is in place:
- Only students should ever see the proxy for the purpose of ensuring their CCCID is passed (seamlessly) to the endpoint/application
- If a faculty/staff/member at a college is also a student - they are currently being filtered from the proxy BUT this is a temporary change until this process is finalized/approved and all colleges are informed.
Need a date that this or some version of this ^^ can be implemented for proxy flow
Need to work on the language for the sign-in page
Need to come up with two part solution for Butte:
- FAQ for proxy account creation process
- need changes made by X date for their comm campaign
- message with correct URL to the proxy account creation page
Butte will work with Matt Norris (via Dan Neal - who is heading out on paternity leave BTW) to retest the proxy whitelisting. Need to schedule testing of what the proxy is whitelisting
Notes
9+ colleges provided feedback to Dave Stephens on the use of the proxy - concerns about abandonment when they get to the proxy. Most of the concerns and comments were made by staff and FACULTY, who have a very