Enable/Disable Prompting LMS Users for Echo360 Password

Typically, when a user first passes into Echo360 from a Learning Management System (LMS), they do not have an Echo360 password. Unless the instructor or student has used Echo360 at a different institution (using the same email address), or your institution used Echo360 prior to implementing the LMS, they will not have established an Echo360 password until AFTER they have come in through your LMS.

Users new to Echo360 when passing in through the LMS will never be prompted for an Echo360 password, even if they establish one later.

However, Echo360 Administrators likely DO have an Echo360 password when they first pass through to Echo from an LMS. To ensure that administrators are properly verified prior to giving access to Echo360, Admins will be ALWAYS prompted for their Echo360 password the FIRST time (and only the first time) they pass into Echo360 from the LMS.

Some administrators, however, are concerned about instructors or students being confused by a password prompt, if it applies to them. In this case, admins can turn off the password prompt for any user who does not have an administrator role associated with them.

IMPORTANT: Password enforcement was implemented to close a security loophole where an instructor could use an admin's mail address and pass into Echo360 unchallenged, changing roles once in Echo360.
Understand the following about Echo360 password prompts:
- Users who do not have an Echo360 password will not be prompted for one
- Users who have already come in through the LMS, even if they establish an Echo360 password later, will not be prompted  
- Users are only prompted the first time they pass through from the LMS regardless of role

Disabling this prompt is not advised as it ensures that the user is who the system thinks they are, and will not apply to most non-admin users.

To disable LTI password enforcement for existing Echo360 users

  1. Log in as an administrator.
  2. Click the Settings icon in the upper-right corner of the screen.
  3. From the Settings menu, select Institution Settings.
    The Institution appears at the top of the list and is selected by default.
  4. On the right side of the Institution Settings page, click Features.
  5. Under Features, disable the LTI Password Enforcement toggle switch (it is enabled by default).
  6. Click Yes on the confirmation message that appears.

Non-admin users who have an Echo360 password and who are passing through the LMS for the first time, will now NOT be prompted for their Echo360 password. Administrators will be prompted the first time they come into Echo360 from the LMS.