Pre-release · Canvas Safe Exam Browser LTI
Lock down a Canvas exam and prove it stuck.
Require Safe Exam Browser on any Canvas quiz, and know the lockdown is really running before the exam opens. The access code is created, hidden, and released only to a verified session — so there is nothing to email around, and nothing for a student to leak.
All four hold → code filled into Canvas for the student
single-use · no-store · never shown on screen
Fig. 01 — any one check fails, no code is returned
§01 — The problem
An access code a student can read is not a control.
Put a code on the quiz and hand it out, and it is only as safe as its least careful holder. Canvas SEB takes the human out of that path entirely.
One code, copied by hand from inbox to inbox.
The code never leaves the server as something a person can read.
The only way to hold a valid access code is to already be inside a locked-down exam.
§02 — How it fits together
Three systems, one enforced path
Canvas stays the system of record. Safe Exam Browser stays the lockdown client. Canvas SEB sits between them and makes the handoff provable instead of trusted.
Canvas
01System of record
- LTI 1.3 launch
- Access code set on the quiz
- Theme loads the detector
Canvas SEB
02The proof engine
- One-time config download
- Config Key proof
- Single-use code release
Safe Exam Browser
03The lockdown client
- Encrypted config opens
- URL filter enforced
- Exit only when Canvas confirms
§03 — What makes it different
Four decisions worth knowing before you compare it to anything else
Proof before any code
The access code is never printed or handed out. SEB must first prove — cryptographically, to the server — that it is running your exact configuration. Only then is the code released, once.
Encrypted to your certificate
Every config file is locked to an X.509 certificate you control. The private half lives only on approved, managed devices — so a leaked file is useless anywhere else. The service only ever holds public keys.
No cookie copying
Students reach Canvas inside SEB through a scoped, single-use session URL minted per download. Normal-browser cookies are never copied into a config file or exposed through the API.
Classic and New Quizzes together
One placement covers both assessment engines with the same policy, the same student flow, and the same proof requirement — so a migration does not mean running two lockdown processes.
§04 — Who touches it
Built so almost nobody has to think about it
The controls hold whether or not an instructor is careful and whether or not a student is honest. The bar shows how much each person actually does.
Open source, then optional help
Read it, run it, or hand it to us.
Assessment-integrity software you cannot inspect asks for a lot of trust. At release, the whole application is open source — the same build the managed service runs. Nothing is held back to make a paid tier look better.
The managed tier sells operation: provisioning, upgrades, certificate rotation planning, and someone who answers during an exam window. Prefer to own that? The docs are there and the software is free.
Canvas SEB is running in pilot and is not yet generally available. The source release and the managed service are both in progress.
Public routes such as /lti/config and /health are treated as integration contracts and stay stable across releases.
Tell us about your Canvas environment.
We are working with a small number of institutions ahead of general availability. If you run Canvas and require Safe Exam Browser — or gave up trying to — we would like to hear what that looks like for you.