Preventing Temp Employees from Using Open Sesame License/Seat?

3 months ago
25 January 2024
3 replies
21 views

Userlevel 2

TeriV
Novice III
11 replies

I was wondering if anyone in Doceboland has run into this issue and how they’ve resolved it. We have monthly safety and compliance courses required to be completed by all regular employees. Most of our temporary employees are not issued email addresses, which we use as usernames in Docebo. Some administrative temporary employees are issued emails and end up included in our mass distribution for the company.

I have created a temp Group and a landing page specifically for them that doesn’t have any Open Sesame content. There’s a message on the bottom stating all compliance training should go through their agency.

We are sending an auto-enrollment link in the email for the safety and compliance course, and when the temporary employee clicks the link, they are being enrolled and taking a seat/license for Open Sesame.

I would appreciate any insight into how others are handling this. My brain is not coming up with a solution, so I thought I would send this out to all of you brilliant people.

Thanks in Advance,

Teri

3 replies

Userlevel 7

dklinger
Hero III
1373 replies
3 months ago
25 January 2024

………..

Teri

Teri - good afternoon - the auto-enrollment link is the key issue. The link supports the self enrollment all in one step. Once a person successfully authenticates - the autoenrollment will kick in no matter what.

You can though limit this a few ways:

Stop working with the autoenrollment links.
Send out a link to only the page.
Make sure that the catalog that is being used to deploy the course only grants permission to your targeted audience only.
Make sure your menus support that as well.

Userlevel 6

Here are four options off the top of my head. You will probably want to run these solutions by your company’s security folks.

Option 1: We have situations where we have to assign a bogus email address to students who don’t have real email addresses. In that case you’ll need to assign email addresses that you know will bounce. If you wish, feel free to make up any email address RANDOMSTUFFHERE@updateltr.com. Any email to that domain bounces. (I own it)

Since these employees don’t have real email addresses, they’re also not going to get invitations or be able to validate/change their passwords the normal way. You’ll need to assign those accounts a password and turn off the “must change” setting.

For the temp employees to be able to log in and take the training, the URL to the course, login ID and password will need to be communicated through supervisors.

Option 2: Another option would be to use a temporary/disposable email address for these accounts. The upside is that emails can be delivered to these disposable accounts, but they’re pretty transitory and there is very little security to them.

You’ll find a list of them here: https://www.google.com/search?q=disposable+email+address&rlz=1C1GCEB_enUS920US920&oq=disposable+email+a&gs_lcrp=EgZjaHJvbWUqCggAEAAYsQMYgAQyCggAEAAYsQMYgAQyBggBEEUYOTIHCAIQABiABDIHCAMQABiABDIHCAQQABiABDIHCAUQABiABDIHCAYQABiABDIHCAcQABiABDIHCAgQABiABDIHCAkQABiABKgCALACAA&sourceid=chrome&ie=UTF-8

Option 3: The security-favored option is to have your company set up real email addresses for them, or you may need to collect and use their personal email addresses if policy will allow it.

Option 4: It is possible to use a single Gmail account and “plus addressing” to create many accounts that Docebo will see as unique. However, you’ll be the only one with access to this mailbox. If you want to go this way, you would create accounts like this YOURACCOUNT+1@gmail.com, YOURACCOUNT+2@gmail.com, YOURACCOUNT+3@gmail.com (you could use something other than numbers 1, 2 and 3 if you want). You’ll still have the problem of how to communicate logins/passwords and course links unless you’re going to send those to supervisors.

Userlevel 2

TeriV
Author
Novice III
11 replies
3 months ago
25 January 2024

Thank you both for the suggestions. I can’t mess with their email addresses because they legitimately need to have a company email address because of what position they are filling. I can stop the enrollment links though and just exclude the temp group from the catalog (they only have one catalog anyway.) I think I can enroll my existing Active Employees that aren’t temps in the course and then we can email a link to the page instead of the enrollment link.

Thank you both so much for your input! I appreciate your help. 😁

Reply

Still haven't found what you're looking for?

Sign up for Docebo Community

Log in to Docebo Community

Scanning file for viruses.

This file cannot be downloaded