Summary

We have enhanced platform security by disabling automatic ProctorExam sign-ins from LTI integrations (e.g. Canvas, Moodle, Blackboard) to prevent potential user impersonation, especially if there are security loopholes on the LMS itself. LTI sessions are now isolated; users returning to the ProctorExam environment will be automatically signed out and must log in manually. Users without known credentials can use the "Forgot Password" feature to gain access.

Bug fixes

[LTI] Prevented automatic ProctorExam sign-ins via LTI integrations to mitigate impersonation risks. Sessions are now flagged as lti_initiated, ensuring users are automatically signed out when entering the ProctorExam environment and must authenticate manually.