• Show all questions in: System Integration · Auth Integration

• AD / LDAP Authentication
• inCommon POP
• Viewing an embedded VoiceThread with external authentication

inCommon POP

This is the VoiceThread inCommon Participant Operational Practices, as required for participation in the inCommon Federation. If you have any questions about these policies, please contact our Support team or your VoiceThread account manager.

Service Provider Identification

This POP covers the service provider registered as: https://he.voicethread.com/shibboleth-sp

Any future VoiceThread SPs may be covered under different POPs.

Required Attributes

VoiceThread requires a unique identifier (such as eppn or targeted-id) and an email address. All other attributes are optional, though some additional attributes may be required for an optimal user experience and/or to enable an implementation that meets specific client needs.

Common Optional Attributes

In all configurations, VoiceThread will use available first (givenName or similar) and last (sn or similar) name data to provide a more personalized user experience. In organizations that have a variety of user roles, VoiceThread uses eduPersonPrimaryAffiliation, eduPersonAffiliation or similar to determine status (student, faculty, staff, etc) and grant the correct type of account.

Usage of Attributes

We do not use attributes beyond basic access control and grouping decisions. We do not share attribute data with any partner or with other organizations at all.

Personally Identifiable Information

We store personally identifiable information (first name, last name, etc) as necessary for normal operation of VoiceThread, plus meeting any needs (automatic account type, etc) of the customer. We may also store additional attributes for reporting purposes, but only at the customer's written request. This information is stored in a database with strong access control. Only a limited subset of VoiceThread staff have direct data access. All data is sanitized before insertion into the database, so even Little Bobby Tables can use VoiceThread.

Privileged Accounts

Access to superuser type accounts is limited to a subset of the VoiceThread staff, and requires additional levels of authentication beyond the normal VoiceThread sign-in process. These individuals fully understand and appreciate the privacy expectations of our users, and any additional staff receiving such access receives a thorough orientation.

Responsible Information Disclosure

If personally identifiable information is compromised, we will notify the primary VoiceThread organization contact via email once we have confirmed that there was any compromise.