Client access

photoclick

Please, make Private Sharing invitation and login area either customizable or, at least, with my branding/name as the primary and SmugMug's branding appearing in the legal declaimer only.

Thank you and I hope you, at least, will consider this request.

leftquark

We've gotten the request for letting you customize the text a few times over on the Feature Request Forums (UserVoice).

If we just updated this email, is your request to remove the SmugMug logo from the top, remove the "SmugMug is where Michael ... all in one safe, beautiful place." and update the footer to say "SmugMug Inc ... sent you this email, on behalf of Michael Shapiro Photography."?

photoclick

Yes, it sounds reasonable. Thank you.

photoclick

It is probably a long shot... but I'll take the liberty of asking a related question here. Currently, when someone navigates to www.YourDomain.com/client you redirect to Smugmug's secure login page. It would really be nice if instead of navigating outside of the customized website- you display an overlay login popup. I realize that there is a roadblock for custom domains since they do not currently have SSL certificate. But you have a brilliant team of engineers and, perhaps, they can find a reasonable solution?

Thanks for listening,
mike

leftquark

We spent a long time thinking about this and investigating how to do it, but ultimately felt that it would risk the security for us, you and your clients if we did something that wasn't clear on what they were logging into. The issue with custom domains was the most difficult to deal with, though we could certainly redirect, temporarily to your nickname.smugmug.com, then redirect back once the login was completed.

I assume the request has 2 roots:
1) Not have to reload the page to login. In order for custom domains to work, we'd probably have to redirect to nickname.smugmug.com, so anything that came up for login, would require a page reload.
2) Keep the context of the site, so the user knows they're still sorta on your site. This could be possible even with the redirect, though we do want to make it clear, and give users the piece of mind, that they're actually logging into SmugMug and not some phishing site.

photoclick

Actually my only concern was #2 - to keep it clean (from my point of view) and keep (psychologically) a visitor on my site. I am not saying Smugmug is a phishing site ... however the Client has a business with a Photographer. The Photographer offers and gives the Client access to his/her images after the photoshoot. The Photographer does not offer images via Google Document or Dropbox, or similar un-cobranded data repositories. Instead, the Photographer wants to direct the Client to the Photographer.COM website. Photographer understands and knows that his website is, in fact, hosted on Smugmug's servers.... but the service Photographer employs is a fully customized and branded photography website. And the Photographer does not want nor feels comfortable (actually feels very uncomfortable) to explain an actual Client that he/she will view the images... on some Smugmug site.. and not on Photographer.COM site. Once again - I am not diminishing Smugmug's services nor saying anything negative about Smugmug. But while Smugmug is very well known to me and very much appreciated by me, it is absolutely beyond the common knowledge of the Client who and what Smugmug is and why can't I give them access to their images on MY (the Photographer.COM) website. Honestly, the whole situation does not look professional in my personal opinion. Seems like you are trying to attract customers at my expense.

I understand the possible limitations from the technical stand point. But disagree with the non-technical reasoning, not that it matters of course:) I conducted a small test in the office and asked to take a look at the website and tell me what seems wrong or out of place. All very technical people in the office, So, the test was pretty serious:) I did not explain where the site is hosted nor any other details. Just gave the link and the viewing (which I think I gave you before?) password. 100% of complains were for one single reason - "why does the login page to view the client's photos lead outside of your website??? why did you do this?" Once I explained the situation (my site is hosted on Smugmug platform, and clients will actually view images off of SMugmug's servers, and this is actually Smugmug's free accounts, etc...) they say: "wtf? if you password-protect gallery that is under YOUR account then password is asked on YOUR site... but if you give account-level access to a neighboring gallery then password/username is asked by the hosting company's website????"

Think about it - when I log into my account on Smugmug.com you are not redirecting me to the Amazon login page, right But you sure do it to my visitors:)

Regardless of the above - there is one instance when you actually show a loging overlay on my site. The URL is smugmug's at that point, but the page does display my content. To replicate this - one would need to navigate directly to the URL of the gallery with account-level access. For instance, I have a gallery with the access set to only people I allow. Here is the direct URL: http://www.michaelshapirophotography.com/PrivateAccount/Red-collection. Upon navigating to it you redirect to:
https://secure.smugmug.com/access-denied/?n=7nGhkg&goTo=http%3A%2F%2Fwww.michaelshapirophotography.com%2FPrivateAccount%2FRed-collection

The webpage shows my website and the login button. Clicking this login button still keeps me on my website and shows the overlay login. And honestly this si all I am asking for. But if you navigate to mywebsite.com/client ...... it brings you to the Smugmug's login page

So, to sum it up - it seems like what I am after is possible and actually implemented. Just not for the .../cleint url.

Sorry for the long post.

leftquark

Hmmm.... We went over this in pretty deep depth when I worked on developing the /client area. There was a very technical reason why the pop-up box wasn't a good solution (and to be honest, one that I wouldn't be surprised if it went away at some point). To be perfectly honest with you, our decision making here was solely based upon the security of the site, especially since people are logging into their SmugMug account, not to their Michael Shapiro Photography account. It's the same way when other websites use Facebook, Google, Yahoo, or Amazon login's. Some people will know they're logging into a SmugMug account, since they were told that when the account was created, some people in the office won't know that, but for the people who do know, they'll be freaked out if some website is asking for another websites login. While it's odd that your website redirects to another site, at least it doesn't send the message of phishing attempt. At least, that was our thought process.

For what it's worth, I completely agree with you. My request to Engineering when we developed this was to build a branded login page, so it said something like "Michael Shapiro Photography (hosted by SmugMug)" or "(login through SmugMug)" but we ran into a number of security concerns. Maybe one day we can get there. Whatever solution we build needs to work for custom domains too, and that's where things get trickier.

photoclick

Aaron - I greatly appreciate your detailed response. I absolutely agree with you on the matter of security. You did mention one thing that, I believe, is the culprit of my dissatisfaction:) Your design approach was (and technically it is the correct one!) that people are logging into Smugmug. I want to believe, or want to think, or want clients to think that they are logging into my services: I make their photographs, I deliver images, I provide access to images. etc. So, we are simply looking at the same thing from opposite sides Perhaps in some near future we can meet half way and makes this login area be fairly co-branded with photog's details while still maintaining the fact that this is a Smugmug's account.

leftquark

photoclick wrote: »

Perhaps in some near future we can meet half way and makes this login area be fairly co-branded with photog's details while still maintaining the fact that this is a Smugmug's account.

I think this would be the ideal solution. "Michael Shapiro Photography | Powered by SmugMug" or the like.

I will remind everyone, though, that as Pro photographers, we use sites like Dropbox all the time, that don't have a branded look and blast "Dropbox" all over it.

With that said, we want you to feel like you have a Professional site, and that does mean keeping your branding on as many, if not all, of your pages, so I hear you.