Institution Settings tidy up

The Identity Server Institution Settings section has been renamed to Authentication, and a number of settings have been relabelled, and redundant items hidden to tidy up this area.

Authentication Institution Settings

B2C registration flow changes

A new institution setting External Authentication show Registration page to new users, has been introduced with a default setting of Y (Yes). When set to Y, a user signing up with B2C will be redirected to the UserRegistrationExternal page to allow an institution to capture further details about the user, such as a date of birth. This was the existing functionality prior to 4.46.

If the setting is set to N (No), then the flow will redirect the user to a new page UserRegistrationExternalNonInteractive which will display a message 'Please wait while we complete your registration' before redirecting the user to their target page. The user will not be required to complete any additional fields to complete their registration.

Please note, that when using this flow then you may wish to consider mandating population of fields in B2C. For example, if Surname is not specified, this page will use a default of 'Not specified' as within ebs a Surname is a mandatory field.

Authentication Institution Settings

Configure ebs for External Authentication

Additional ontrack URL parameters made available to control authentication methods

Additional URL parameters may be added to ontrack Hub and ontrack Learner Hub to bypass the ebs login page and direct users to authenticate using a specific authentication provider. The URL parameters are as follows:

• AuthProvider=ExternalLearner - Authentication using External Learner B2C configuration

• AuthProvider=ExternalHub - Authentication using External hub B2C configuration

• AuthProvider=Default - Authentication using the default OIDC configuration

Configure ebs for External Authentication

Auditing improved for third-party authentication

The auditing information that is recorded when a user authenticates into ebs using a third-party provider has been extended to include further information that will identify the provider. This will allow users to distinguish between authentication providers, such as Azure B2C or Entra ID.

Not applicable

Improved auditing for B2C

The Auditing of 3rd party authentication has been improved to include scenarios where a user successfully authenticates with a 3rd party provider, but then cannot access ebs due to data issues. For example, their email address doesn't match with an ebs record, or matches with multiple records.

Additionally, the user is shown an Access Denied page to make it clearer that this isn't a general unhandled error. The specific details of the error are not shown to the end user to comply with security standards protecting ebs from malicious users.

Not applicable