BenchPrep will be releasing a change in our January 20, 2022 that will prevent users that access the Platform via a Single Sign-on (SSO) integration from setting or resetting a native BenchPrep password. This document will outline existing use cases and how it will impact users that currently reside in the BenchPrep Platform.
An SSO user is defined as any user with an associated identity provider (or multiple identity providers) in the BenchPrep system. A user gains an association to an identity provider when they access the BenchPrep platform through an established Single-Sign-On integration, which is inclusive of SAML, OIDC AND LTI 1.3 (Learning Tools Interoperability).
Use Cases and Projected Change
User does not have an established identity provider
A user without an established identity provider that currently authenticates into BenchPrep via BenchPrep’s native authentication. These users may or may not have an established Password in the BenchPrep platform, depending on how their BenchPrep account is created.
IMPACT - There will be NO impact on this user population.
User with an established identity provider and no BenchPrep password
A user that currently logs in via an established SSO integration (SAML, OIDC or LTI), but does not have a password defined in the BenchPrep platform.
IMPACT - A native BenchPrep platform CANNOT be established for these users. These users will be required to login via their established Single Sign-On.
User with an established identity provider and existing BenchPrep password
A user that currently logs in via an established SSO integration (SAML, OIDC or LTI), but does have a password defined in the BenchPrep platform.
IMPACT - The user's established password with BenchPrep will remain in place. The user will be able to authenticate into BenchPrep via their established SSO OR BenchPrep’s native login using their previously established password. The user's existing password cannot be changed (but will remain active unless removed).
User existing BenchPrep password that later establishes an identity.
A user that currently authenticates into BenchPrep via BenchPrep’s native login and an established BenchPrep password, but does not initially have an established identity provider. This user later establishes an identity provider by accessing BenchPrep via an SSO integration (SAML, OIDC, LTI)
IMPACT - The user will be able update their password until an identity provider is established. Once an identity provider is established the user’s native BenchPrep password that was in place at the time the identity provider was established will remain active and continue to allow the user to Authenticate via BenchPrep’s native login. Once the identity provider is established the user will no longer be able to update the previously existing password.