Creating email 1, 2 and 3 like Phone number
We would like to have an email 1, email 2 and email 3 similar to how phone is set up. This way we could allow employees to update their personal emails whenever they would like but have it set to read only with their company email. The way the system is set up currently, it is all or nothing.
Create an email 1, email 2 and email 3 just like phone numbers are set up in the Request Change Setup area.
Upon clarification, I have created a PR (5564535) to add individual fields in Request Changes for Email Addresses.
Keep an eye out for emails regarding this product idea!
Thank you!
Erik O.
-
Cory Calvert commented
It looks like this request has been hanging out there for a long time now. This is actually pretty important from a security perspective, as many districts use the primary email address for SSO authentication with SAML. Right now, you can either prevent users from changing any email addresses at all, which keeps the HR department from having an up-to-date secondary contact email, or you can allow users to change all email addresses, including their primary email address, which allows users to effectively change their own username in the system (depending on SSO configuration).
I just had to fix a problem with one of our employees getting locked out of HR/Finance after they updated their own email address, which was set to Auto-Approve in Request Change Setup. I could imagine some districts allowing a combination of SSO and LDAP or local authentication for users, and in that case, if a privileged user who normally logs in with LDAP or a local account didn't have their school email address in the primary email address field, a less-privileged user could simply change their own primary email address to that of the high-privileged user and then reauthenticate to the HR system as the high-privileged user through SSO. This seems like a potentially serious security issue.
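The per-field control requested in this thread, sketched as an added example that is not part of the original posts and is not the vendor's code. The slot names `email1` to `email3`, the policy values, the `evaluate_change` function and the sample identity map are all assumptions; it also assumes the list of SSO login addresses comes from the identity provider rather than from the editable HR record.

```python
# Added illustration: every name below is hypothetical, not the product's schema.

# Assumed per-slot policy, set individually the way phone slots are.
FIELD_POLICY = {
    "email1": "read_only",     # primary address, assumed to be the SAML identifier
    "email2": "auto_approve",  # personal contact address
    "email3": "auto_approve",
}

# Constructed sample data: SSO login address -> employee id, as it would be
# exported from the identity provider (assumption).
SAMPLE_IDP = {
    "jdoe@district.example": "E100",
    "finance.admin@district.example": "E001",
}


def normalize(addr):
    """Compare addresses case-insensitively, ignoring surrounding whitespace."""
    return addr.strip().lower()


def evaluate_change(emp_id, field, new_value, idp_identities):
    """Return (decision, reason) for a self-service email change request."""
    policy = FIELD_POLICY.get(field)
    if policy is None:
        return ("reject", "unknown field")

    # Refuse, in any slot, an address that is another account's SSO identity.
    # This holds even when that account's own HR record does not list it.
    owner = idp_identities.get(normalize(new_value))
    if owner is not None and owner != emp_id:
        return ("reject", "address is the SSO identity of another account")

    # The slot used for SSO matching never changes through self-service,
    # which also prevents users from locking themselves out.
    if policy == "read_only":
        return ("reject", "field is read-only for self-service")
    if policy == "auto_approve":
        return ("approve", "auto-approved")
    return ("review", "needs HR approval")
```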