Articulate Mobile App --> Block Access for Inactive LMS Users
I'm using an LMS that does not support Tin Can API (if that matters for this) and have noticed this behaviour:
1. Active user launches course from LMS which loads in Articulate Mobile App.
2. User gets deactivated from LMS.
3. Deactivated user can still launch course on the App as long as he has a Wifi connection. Publishing with "Allow downloading for offline viewing" naturally blocks access, but soon as they enable their wifi they can freely access the course, even if they should have no more permissions to the LMS.
Clearly the App is not authenticating with the LMS, it's like it's reading cached data. It looks like that once the course is first accessed, they can freely access it again and again directly from the App, without any link to the LMS whatsoever.
Thoughts and suggestions to improve security?