Our Read The Web application uses OAuth2 for users to log in using their school Microsoft accounts.
Unfortunately we have received reports that students are able to circumvent web filtering by using the GitHub sign-in option (and a number of other clicks using the initial 'security' link on the GitHub login page), which is causing a major issue with schools that are using our product and others utilizing the Microsoft OAuth2 login at:
https://login.microsoftonline.com/common/oauth2/authorize
This post mentions one method of circumvention:
https://feedback.azure.com/d365community/idea/4b1c76f0-f525-ec11-b6e6-000d3a4f06a4
This is not the exact path that we have found but similar.
Clicking the 'security' link at the bottom of this page provides a gateway to circumvention. There should not be -any- links on a sign-in page in my opinion.
After some research I have found what appears to be the answer that the sign-in options cannot be hidden.
https://learn.microsoft.com/en-us/answers/questions/318708/remove-sign-in-options.html
https://learn.microsoft.com/en-us/answers/questions/361891/how-to-remove-the-sign-in-options-from-the-login-p.html
Removing the entire sign-in screen is not an option.
There should be the option to remove or disable the sign-in options either at the OAuth request level at the very minimum. Certainly there should not be any links on any sign-in page other than what is strictly required for operation.
Hello All -
This is still an issue for all K12's - 03/2024
Have there been any changes, workarounds, or new developments for this issue?
Dennis
Hey Dennis,
You can fix this now with a custom CSS file. These are the settings I changed to resolve it for our organization.
.ext-promoted-fed-cred-box
{
    /* Styles for sign-in options text box */
    display: none !important;
}
I also removed the "Can't access your account?" URL since that was used as a bypass as well.
Info about using the CSS template
https://learn.microsoft.com/en-us/entra/fundamentals/reference-company-branding-css-template
CSS template file
https://download.microsoft.com/download/7/2/7/727f287a-125d-4368-a673-a785907ac5ab/custom-styles-template-013023.css