Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Seamless Access stores a users selected institution in the local browser storage. Users should be notified that their institution will be saved and be given the option to block that saving during the identity provider discovery flow.

Advanced Implementation Considerations for User Notice and

Consent

Opt Out

Advanced implementers should include a notice and consent opt out experience in their IdP discovery flow, making it clear that it is SeamlessAccess that remembers the institution. The following best practices are recommended:

  • On the service provider IdP discovery screen, display a check box labeled “Remember my institution with SeamlessAccess”

  • Include the SeamlessAccess logo and link to https://seamlessaccess.org/services/

  • The checkbox will always be selected by default, but the user may deselect it and continue to the log in page of the institution they selected.

  • If the checkbox is deselected, the selected institution is NOT saved in the local browser storage of the users device and the user will need to lookup their Idp on subsequent visits.

  • A “Learn more” link opens a message explaining what information is saved, where, and how a user may remove it.

  • Provide a link to the Seamless Access Privacy page
    https://seamlessaccess.org/about/trust/

  • The text of the message reads:

“The institution you select will be saved in the browser local storage of this device and will be made available to this and other sites that use SeamlessAccess. You may clear your browser local storage at any time.

No login, email or personal information is stored.”

  • Note, in the future, this may be changed to be a mini browser window hosted by SA so SPs do not need to maintain this content.

Error state
Approach A

In some instances, users may have blocked access to the device’s local browser storage. The implementation should check for this and do the following:

  • Display but, disable the checkbox and grey out the checkbox text.

  • Display a message notifying the user that their institution can’t be saved until they enable browser local storage.

  • The text of the message should read:

“We noticed your browser has blocked access to its local storage, which is why the checkbox is currently disabled. If you wish your institution to be remembered, please enable browser local storage in your browser settings.”

Error state
Approach B

  • In the future, this may be changed to be a mini browser window hosted by SA so SPs do not need to maintain this content.

Error state
Approach B

Accessibility Considerations

  • Provide labeling that is available to assistive technology. Users need to be aware of control labels, headings, tip, and other content using screen readers. We recommend complying with the most current version of WCAG Accessibility guidelines at the AA level, WCAG 2.1 or its subsequent versions.

  • On page load


SeamlessAccess IdP Discovery Notice and Consent

The central Seamless Access IdP discovery service handles notification that the selected institution will be remembered as follows:

  • Display a check box labeled “Remember this choice”

  • The checkbox will always be selected by default, but the user may deselect it and continue to the log in page of the institution they selected.

  • If the checkbox is deselected, the selected institution is NOT saved in the local browser storage of the users device.

“The institution you select will be saved in the browser local storage of this device and will be made available to this and other sites that use SeamlessAccess. You may clear your browser local storage at any time.

No login, email or personal information is stored.”

Error state

In some instances, users may have blocked access to the device’s local browser storage. The implementation should check for this and do the following:

  • Display but, disable the checkbox and grey out the checkbox text.

  • Display a message notifying the user that their institution can’t be saved until they enable browser local storage.

  • The text of the message should read:

“We noticed your browser has blocked access to its local storage, which is why the checkbox is currently disabled. If you wish your institution to be remembered, please enable browser local storage in your browser settings.”