I have managed users on my local network using Roku TVs. I would previously connect these users using a code. Plex on the Roku device would generate a 4 digit code that I would input into plex.tv/link (logged in as me).
Now my managed users only get a log in with email prompt.
On the managed side, the only thing different is we updated the Roku TV software and combined a few of the Roku TVs under one Roku account.
Yes. That is how managed users have always worked.
Login with the server owner account, then use fast user switching to change to managed user account.
That is why you pin protect at least the admin account.
There should be an “Automatically Sign In” setting in the Plex Roku app. Enable it so you do not have to enter the admin login every time you fire up the app.
I’ve never had to share my email/password with managed users so they can login to their device. This way seems far less secure but what do I know.
So what are most users doing? Using non-sensitive passwords that can be shared with Aunt Jane… Or do admins now need to sign in to each device themselves and then fast switch?
Is there any way for a managed user to view your password on their device once they are logged in?
You were always logging in with the admin account. Using plex.tv/link hid your password from the end user.
I understand the frustration. I don’t like it either, but it was mandated by Roku. I’ve a very long password on my Plex account and it is a pain to enter it with a remote control.
You could enable 2FA for your account. That would prevent someone with your login credentials from accessing your account.
Only use managed users for devices that you control or to which you have direct access. A TV in your household is not a problem. A mobile device for someone that lives with (or near) you should not be too much of a problem. You can login, switch to their username, then hand it back.
The problem is with managed users that are not close by and you do not have access to their devices.
If possible, move the managed users to full users. They can still be in your Plex Home, but will login with their own credentials. They still inherit your Plex Pass, so their mobile devices will be unlocked. They will lose some capabilities. I believe they cannot download to their mobile devices unless they have a Plex Pass. There may be some other restrictions regarding live tv / dvr access. I don’t have managed users, so not completely sure of the implications of moving to a full user.
The other option would be to move away from Roku devices. If they are Roku TVs, you could add a streaming stick/box. Android TV devices still use the plex.tv/link login method. Not sure about AppleTV (I don’t have one).
A managed user cannot view your password on their device.
Thanks for that.
So in practice, the only real difference is that I will have to do the physical initial login. I’ll then switch to the managed user then I’ll be at the same point as if they logged in with a code. Hope I’m seeing that correctly.
All the users are in my home, but there are 8 devices and we often have guests. Everyone uses the same managed account – “guests”
The biggest problem I see at the moment is users get logged out endlessly. I don’t know how, probably from just messing around. Getting them back in with a code is very easy, but I’m not looking to share my password, so now they will be without TV until I’m able to physically get them back in.
I suppose 2FA can save the day. I can possibly go with a less sensitive password that can be distributed in a pinch, but control access with 2FA if someone tried to login somewhere else. How does authentication work for login? I suppose after they login, I’ll need to provide them with the 2FA code which they enter on the TV? That might be a good workaround, but I’d have to set up another full user for that scenario.
I’m overly sensitive because PMS lives on my NAS with some important data and with all these stories about breaches…
Speaking of, does running a PMS on a NAS make it vulnerable? I’ve read a lot about different apps opening vulnerabilities, but have never specifically heard Plex talked about in this regard.
I believe that is what FordGuy is suggesting. If the clients reliably stay logged in, then there should be no further need to log in using username/pass on the clients, and 2FA if you enable that as well. I agree that the “code” version of logging in is very convenient, only requiring that a browser “somewhere” in the world is logged in. A shame that this is no longer an option on Roku.
Ford has an interesting suggestion, which is that you can create a separate account with simple credentials (at least, simple to explain) and provide that to your “guests”. Invite this account into your home, and it should inherit all the Plex Pass features (including downloading, if my limited testing of that last week has proved it). Once logged in, it will behave just as it did before with the code, except that the user had to enter credentials instead of you providing it. A home-invited user account has just as much access to the admin account as a managed user does (they can fast swap over to your account or managed users without your credentials), so I assume you aren’t concerned that any of your “guests” will swap to the admin user to mess with metadata (or delete libraries). If you are, then you likely already have a PIN on the admin anyway, as they could do that before now.
BTW, having your username/password credentials shouldn’t allow anyone to do anything malicious to your NAS that they couldn’t already do now. Without a PIN on the admin user, they could only do things that affect the server settings, such as library management and possibly file deletion. This Plex account will not allow them to log into your NAS management console, nor reach any command line of the base OS itself.
As for Plex on NAS making the NAS vulnerable… well, in this age of hacking, pretty much anything is possible. There could always be a previously unknown vulnerability in the Plex software that could enable someone to use the Plex traffic to hide a payload to compromise the base machine itself. In my opinion, that is going to be fairly unlikely, as it would have to be highly targeted to your specific setup and hardware, and it’s unlikely to be worth the effort. In my opinion, if they can compromise the Plex server software and get to the NAS system itself, they are likely to also be able to compromise the NAS externally while in the network if you had Plex set up on a second computer anyway.
Create another Plex account using a free e-mail account from Google, Yahoo, etc.
Invite the second, “guest,” account into your Plex Home and share the desired libraries with it.
If someone accidentally logs out, you can give them the guest account login info. As you mention, you can use 2FA to prevent them from using the account on other devices.
As @Divideby0 mentions, with the admin account pin protected, guests cannot switch to it.
It seems Live TV cannot be shared from my main account to the new account (unless I’m missing something).
I have an antenna for OTA programming. I may be back to using a managed account for access unless there are any workarounds?
Live TV can only be shared with other accounts in a Plex Home. If you created a regular account, you need to invite that account into your Plex Home as well, which you can do because you have a Plex Pass. That account will also show up in the user switcher.
“Invite to Home” is a specific term that doesn’t simply mean “invite them to see your server contents.” It pretty much merges the two accounts, smooshing the second account into a “Managed User”-shaped hole. Managed Users are akin to Netflix profiles, they do not exist without the base account itself.
Ok appreciated, I got that to work.
It does feel much like a managed account – beside the fact that they have their own login and I (presumably?) do not have to worry about guests messing with my settings (on my main account) and adjusting my libraries.
They actually can mess with your settings or main account. That is one of the dangers of inviting a user to your home, is that they can swap over to the admin user without having to enter your account’s credentials, as if their account was just another managed user. The only thing protecting your admin account from all this is if you place a PIN on the admin USER, as suggested up above by @FordGuy61 several times.
This is not anything new to your situation, since you currently have managed users in your account, and they already could swap over to the admin once you logged them in via that code.
I only bring this up since most people that use Plex do so by offering access to their server contents to people with whole accounts. They don’t typically use Managed Users (one account) nor do they use Plex Home (multiple accounts, but they can swap between them just like Managed Users without entering passwords).