-
Jump to
- November 29
- Feature Releases
- Bugs
- November 20
- Feature Releases
- November 14
- Feature Releases
- Bugs
- November 8
- Feature Releases
- Early Announcements
Β
November 29th, 2023
PANORAMA
Copy Reporting Looks and Dashboards across Panoramas
Save time and share key insights for each panorama client by copying panorama custom reports! Weβve made it a whole lot easier to share reports with Panorama Admins and Managers. Main Site Admins can now copy any Looker look or dashboard from a panorama reporting hub into other selected panoramas.
See the Panorama Reporting Hub article for the how-to.
We released the following quality improvements:
- Image of certificates imported via the External Course Activity REST endpoint are now visible to learners and admins in the learner transcript.
- Admins can now print/download the full transcript in cases where it extends past one page.
We released fixes for the following:
- Learners receive a processing error alert when logging in if they have a linked workbook associated with a course that has been deleted.
- The share to Facebook button on the "Social Share Cards" link to X (formerly Twitter).
- When a learning path is associated with a tag and that tag is used in a recommendation assessment, when the learning path is deleted, it remains associated with the recommendation assessment.
November 20th, 2023
SECURITY
Improved Account Lockout and Login Rate Limiting Functionality
We released three updates to improve site security surrounding account lockout and login rate limiting functionality.
- New Account Lockout Functionality
- New Login Rate Limiting Functionality
- Change to existing Security Volume Requests setting
New Account Lockout Functionality
This is a global improvement affecting all instances and all users. The objective is to prevent a malicious actor from breaking into a single account by guessing the password to that account. By using translations, Admins now have more control over the experience of learners who are having trouble logging in.
New Behavior: Locks out an individual user after 5 failed login attempts within 30 minutes to their account. (Does not take IP address into account.) After a user is locked out, theyβll see the login-too-many-attempts
translation, which defaults to βYou have made too many login attempts. Please try again in 30 minutes.β
New Login Rate Limiting Functionality
This is a global improvement affecting all instances and all users. The objective is to prevent a malicious actor from breaking into multiple accounts, e.g., by guessing the password βtesttestβ across a variety of email addresses. This is typically an automated effort that tries thousands of email/password combos in a short time.
It is no longer necessary to enable the Disable Security Volume Requests setting when planning to have multiple users logging in from the same IP address. Any volume of people can log in from the same IP (for example, an office) within a short time window without the need to disable protection against malicious attacks against multiple accounts. The users may just have to prove they're human as they all log in at the same time.
New Behavior: After a high volume of login attempts (failed or otherwise) in a certain time period by a single IP address, we will present a managed challenge, which allows the users to prove they are human by clicking a button, and assuming the users are human, it allows the users to continue.
Change to existing Security Volume Requests setting
Path:Β Settings > Security
The objective is to prevent a malicious actor from sending a large volume of other types of requests β not login requests, but other things like code redemptions. This release results in a narrowed scope as compared to what this setting previously did because login security is instead in place as part of the new functionality detailed above.
This setting may still be helpful for in-person events that involve code redemption. See our article here on Security options.
New Behavior: Block all users from a particular IP address if we receive a large volume of other types of requests (not login requests, but other things like code redemptions) from the IP in a short period of time.
Options:
- Disabled (default): Block code redemptions after high number of attempts from the same IP within 5 minutes. Users can redeem codes after the allotted number of minutes have passed (i.e., 5).
- Enabled (ignore volume requests): Donβt block code redemptions based on IP.
November 14th, 2023
USER MANAGEMENT
New Role Permission to Manage Webinar Integration Settings
Weβre making admin permissions a bit more granular to make it easier for your admins to manage webinar connections. The new Manage Webinar Settings permission will allow users to access the Webinar Settings page, where admins can add, manage, and reconnect accounts for various webinar providers.
Note
This update was pre-announced last week. Please take note that some admin permissions for webinar settings have changed and depending on your organizationβs needs, you may need to take action to change permissions for certain admin roles.
This permission was previously included with the Manage School Settings permission. Access to the Webinar Settings page was enabled as part of the Admin default role, since Manage School Settings was enabled for the role by default.
Change to permissions for default Course Author role:
Weβre also enabling this permission for the Course Author default role because Course Authors need to have active and accurate webinar accounts as part of their normal course authoring flow. If you do not want your Course Author users to access webinar providers, you can assign your users a custom role without the Manage Webinar Settings permission enabled.
Change to permissions for custom roles:
This permission is disabled by default for all other roles, including all existing custom roles. If you would like any of your users with custom roles to have access to webinar settings, youβll need to enable this permission for those roles.
CONTENT
Award, Certificate, & Design configurations carry over when copying courses and creating sessions
When you make copies of learning paths and courses, youβll now see more objects and settings copy over to the new course or session. Save time by creating content templates and know that important settings will be in any copies of that template!
Design tab settings added:
From the Design tab within a content item, Custom CSS and Appearance settings will now be copied to the new content item. Youβll see this new copying behavior for all content items that have these settings.
Path:Β Content >Β Manage Content > Content Title > Design step
Completion tab settings added:
From the Completion tab of a content item, Certificates (including CAM certificate configurations) and Awards will also be copied to the new content item. This behavior also applies to all content items with Certificates and/or Awards, but note that Certificates and Awards can only be copied over when the copied content item belongs to the same company as the original. If you select a different company to copy into, certificates and awards will not be carried over into the copy.
Path:Β Content >Β Manage Content > Content Title > Completion step
Youβll notice this improved copying behavior when you copy a course or create a new session from within the admin interface, when you use bulk import to create new sessions, and when you clone or create new sessions via API.
ECOMMERCE
Update Credit Batch Quantity and Expiration Date
If you utilize Training Credits as part of your panorama content distribution workflow, todayβs release gives you additional control over your credit batches!
Itβs now possible to set different expiration rules for each credit batch, to edit expiration dates, and to edit credit batch balances. These actions can be accomplished in several ways:
- Main site admins with the Manage Credit Accounts permission can now edit expiration dates and balances in the admin interface.
- Credit batch expiration dates can be set via API with the existing Create Credit Batch REST API.
- Credit batches can be updated via API with a new Update Credit Batch REST API.
CONTENT
Conditional Redirect for Content Detail Pages
You can use our new Conditional Detail Page Redirect functionality to effectively increase privacy for your unreleased content detail pages. With this functionality enabled, when users try to access the native detail page of an unreleased content item they are not enrolled in or provisioned to (e.g., by copy/pasting the detail page URL into their browser), they can be redirected to another URL of your choice.
This new functionality relies on the existing External Detail Link field. You can read more about it in our Building a Detail Page support article. Also note that, unless the new functionality is enabled, existing functionality of the External Detail Link field is unaffected.
We released fixes for the following:
- Not able to use the bulk "Course Group Import" functionality with tags.
- While editing a panorama landing page the 'View Live Page' button displays the redemption page (/redeem) rather than the panorama landing page.
- When the "Always Regenerate Certificates" feature flag is active, the link to past certificates on a learner's transcript is updated to the current certificate when a new certificate is issued.
- When editing the catalog settings for content items, specifically the tags field, the names that are used for folders are showing up as tags that can be selected and added to content.
- When editing a quiz or test page type and adding questions the questions appear for the learner even if the updates have not been published.
November 8th, 2023
API
Respect limit days of access setting for API enrollments
You can now limit the number of days learners have access to content when they are enrolled via API. Previously, the Limit days of access after enrollment? setting did not apply to learners who gained access to content via API enrollments. With the release of this optimization, the Create and Update Users API endpoint now contains a enforceAccessDays
property that, when set to true, will enforce access limits for new API enrollments. The attribute will also be available in the interface for OID and SAML, and will work with JWT.
USER MANAGEMENT
New Role Permission to Manage Webinar Integration Settings
Our November 14th release will include a ticket that may have an effect on permissions for custom admin/manager user roles that have the Manage School Settings permission enabled. Please see below for details on this planned change and contact your CSM if you have any questions or concerns.
Weβre making admin permissions a bit more granular to make it easier for your admins to manage webinar connections. The new Manage Webinar Settings permission will allow users to access the Webinar Settings page, where admins can add, manage, and reconnect accounts for various webinar providers.
This permission was previously included with the Manage School Settings permission. Access to the Webinar Settings page was enabled as part of the Admin default role, since Manage School Settings was enabled for the role by default.
Change to permissions for default Course Author role:
Weβre also enabling this permission for the Course Author default role because Course Authors need to have active and accurate webinar accounts as part of their normal course authoring flow. If you do not want your Course Author users to access webinar providers, you can assign your users a custom role without the Manage Webinar Settings permission enabled.
Change to permissions for custom roles:
This permission is disabled by default for all other roles, including all existing custom roles. If you would like any of your users with custom roles to have access to webinar settings, youβll need to enable this permission for those roles.