Hi, where is the user authenticated to of he logs on via the external site widget? It is unclear for me where the user is registrated and validated. It does not seem to be registered on my own SharePoint environment!
How can the user log off? Now the user can log in, see his issues, but the user cannot log-off. To my opinion this is a security flaw!
Hi @4kgpeter,
Thank you for your question and for the valuable feedback.
If the widget is placed on external site user has to register in the system (Office 365 authentication is not involved here). When user registers and sets a password, its hash is stored inside your SharePoint help desk site. Password is not stored in the open form, only hash.
When user signs in the hash is extracted from the password and compared to the hash stored in the SharePoint site. That is how all forms authentication sites work.
All communications are performed over encrypted HTTPs connection.
Regarding the log-off functionality. For, now it is only possible to wait until the session expires or clear browser cookies. We plan to add log-off functionality in the future releases.