moot

Open full view…

Surprised that Secure Embedding isn't standard

Bill W
Mon, 20 Feb 2017 21:33:09 GMT

I just noticed the Secure Embedding requires the Medium plan. It's disappointing to me that we have to pay extra to prevent other sites from hijacking our forums. It also doesn't seem to make sense that you would do Federated Identity (available on the Small plan) without doing Secure Embedding. Since there's no account setting to enforce SSO, without Secure Embedding turned on there's nothing to stop a user from just going to the hosted forum page and creating a (non-federated) account there and posting. Am I overlooking a setting somewhere?

Monika
Wed, 22 Feb 2017 05:19:03 GMT

Essentially, the SMALL plan is about streamlining authentication. Federated ID, in our reading, isn't about restricting access or limiting ways people can access a forum. But, instead, it's about making it simpler for people, so they don't need to login twice to post. The theme of the MEDIUM plan, however, is restricting access and security. There is the Members-Only feature, and secure embedding, and it's separate from the "streamlined" effect of Federated ID. That's our reading, and why we decided on doing it that way. I understand that our plans don't work perfectly for everyone, but we do our best to come up with plans that work for the most people.

Bill W
Wed, 22 Feb 2017 15:25:15 GMT

Thanks for the explanation.

jrdiniz
Wed, 13 Sep 2017 15:01:48 GMT

Ok, I can use embed secure in Small plan correct but not only secure embed? This resource is very important to my project, I started the internal process do buy the small plan (anual)

Monika
Wed, 13 Sep 2017 20:46:59 GMT

That is correct. the SMALL plan supports Federated ID with signed embedding But if you want the "allow only signed embeds" feature which we call "secure embedding" that requires the MEDIUM plan :)