Have installed the Plexamp app today and seemed to work really well, but having started to setup the managed accounts for the kids music it doesn’t seem to be very safe to use. I have set up managed users for them with their own music and restricted everything else, as with movies on the previous player, my main account has a pin to prevent them viewing everything.
The Plex player always goes through user selection screen and requires any necessary pin before loading the account up.
When logging in to Plexamp however, it goes straight to the main unrestricted account. If changing to another managed user and back to a pin protected user it always asks for the pin. However, if I log out, when logging back in it asks to use the “Plex.tv” to sign in and goes directly to the main account without any sort of user selection or pin, without any need to re-enter my Plex account details.
Not sure if I am missing something somewhere but surely this should behave the same as the main Plex app and always ask for the user first? It seems odd to allow admin access without any sort of sign in or use of the pin protection?
Every Plex app does it that way.
If you are adding a new device to your Plex account, you as the admin are supposed to do it. Don’t give out your Plex credentials and let your managed users do it themselves. You can do so much damage with the Plex credentials of a server admin, even without knowing his PIN. So never let anyone peek at them
After successfully signing in, perform “Switch User” to the managed user’s sub-account.
Hi, thanks for the reply but I am not sure that is true in this case.
The main Plex app, certainly on the iPhone, doesn’t allow a managed user to logout - and even when swiping to close the app, will reopen as that same managed user. You cannot change to the admin account as that is pin protected, and you cannot log out and back in without knowing the Plex account details. This is not the case on the new music app.
I set up the app on the other phones myself, logged them in to the Plexamp app and then, as you correctly stated, changed to their managed profiles assuming that would not then allow them to change back to admin. This is partly true as it restricts it WHILE IN THE APP. When logging out of the account, which you can do on ALL profiles, you then log back in and it goes directly to the admin account without needing to enter any sort or Plex username/ password OR pin. Just clicking the pop up saying ‘use details for Plex.tv’ which it seems to have cached somewhere - it is certainly not stored as a password on Keychain or in the browsers on the kids phones so wherever this is it needs to be cleared or the login method sorted out.
This is not the same as the other apps, and I certainly don’t give anyone my login details as you suggest. As far as I remember this is the same for the FireTV app which even if always logged in, requires you to enter the pin for each user as necessary.
@stuartgk this is true. I have TouchID active. On the main Plex iOS app, it shows the list of managed users. I select my admin account and Touch ID prompts for my fingerprint and then proceeds. If I swipe and force close Plex app and relaunch, the managed list reappears and I can select another account, automatically locking the Admin account from view. This locking mechanism isn’t in the current PlexAmp version (3.1.1). I’m just backing up his or her claim. Users are currently told to login for our managed users on their devices as the admin, then switch out, login as managed user. But say if older siblings are using a shared device with their own pins, this isn’t going to work very well in the future.
My main concern is that it seems to be caching the account details somewhere and using that to login and bypass all the security on the second login, so rendering the pin and restrictions useless.
If this is the intended behaviour and not a glitch on my setup, then it is certainly not suitable for younger kids if trying to limit access to appropriate music or give them a personal library view. Even limiting to clean radio edit versions of chart music isn’t possible if they can just bypass the login, whether intentionally or by accident when closing and reopening the app.
Might have to set them up a ‘friends’ account and see if that works as presumably they would login with their own account details and I can limit what is shared to each one, but seems a backwards step compared to all the improvements in the app and server over the years.
So in fact to use the app successfully with the restrictions, following a quick test, the advice should read;
After successfully signing in, perform “Switch User” to the managed user’s sub-account. Then open a browser window, open Plex.tv and log out of your account prevent access to your admin user.
Not the easiest of things to explain but this seems to be the answer. And before you ask, no, the browser window does not open when you log in to PlexAmp, and isn’t already open in the background before logging in, you have to open one and then open the page and logout, when testing a few times it even required me to log IN to the webpage first occasionally. This seems to be the case with both the PlexAmp and PlexDash apps which I have just tried on the iPhones - the main Plex app itself seems to have more common sense and relies on logging in separately if logged out previously.
It seems even the app itself is not taking your advice of not giving out credentials when it leaves them on everybody’s devices ready to log back in without challenge.
I love the Plex system and player, and this app would be brilliant for use in the car, but I cannot understand this method and why it seems to overlook something as simple as logging in and out of an account without having to log out of a browser - which is initially logged in by the app itself!? Why on earth does it prevent you from changing to a pin protected user without checking the pin while in the app - but then lets you log out and back in as that same user without any sort of check??
If there is in fact a setting to change this which I am missing I would love to hear about it to make logging in to the managed accounts a bit more straight forward.