March PASS Training Platform Updates

Written By Raymond Rees

Prepaid Account Balance (Wallet)

We've introduced a new prepaid account balance system that allows companies to maintain a credit wallet within PASS Training. This replaces our previous reliance on Stripe's customer balance system with a fully internal, auditable ledger — one that integrates cleanly with QuickBooks and gives administrators complete visibility into every transaction.

How it works:

  • Admin deposits: PASS administrators can record manual deposits to a company's prepaid balance for refunds, adjustments, or advance payments.

  • Subscription-based deposits: When a company purchases a subscription product that's configured to deposit prepaid balance, the invoice total is automatically credited to their wallet upon payment.

  • Automatic application: When a new invoice is finalized, any available prepaid balance is automatically applied as a credit — reducing (or eliminating) the amount due. This happens via Stripe credit notes, so the accounting trail stays clean.

  • Reversal protection: If an invoice is voided or refunded, any prepaid balance that was applied or deposited is automatically reversed, keeping the ledger accurate.

  • Visibility for all roles: Company Admins, Facility Admins, and Director Admins can view the full transaction ledger (deposits, applications, and reversals), while only PASS administrators can record new deposits.

The prepaid balance is displayed prominently on the invoices page, and each transaction in the ledger shows the date, type, related invoice, notes, amount, and running balance total.

Training Expiration Admin Notifications

Staying on top of employee certification expirations has historically required administrators to manually check reports. We've now added automatic email notifications so that Company Admins, Facility Admins, and Director Admins are proactively alerted when trainings are approaching their expiration dates.

What gets sent:

  • Expires Soon: Digest emails sent at 90, 60, and 30 days before a training expires

  • Expires Today: A same-day alert for trainings expiring that day

  • Expired: A follow-up notification for trainings that have passed their expiration date

How they're formatted:
Each email is a digest — not one email per training, but a single summary email that groups all relevant trainings into an easy-to-scan table with columns for Employee, Training, Facility, and Expiration Date. Employee names, training titles, and facility names are all clickable links back to their records in PASS Training. A "View Expiring Trainings Report" button at the bottom links to the full report.

Who receives them:
Notifications respect existing authorization boundaries. Company and Director Admins receive alerts for all trainings across their company. Facility Admins only see trainings at their assigned facilities. The feature is opt-in and controlled by a new company-level setting ("Training Expiration Admin Emails").

Certificate Export Overhaul

The certificate export feature — used by companies to bulk-download PDF certificates for compliance audits — received a major performance and reliability overhaul. For companies with thousands of trainings, what previously took hours now completes in a fraction of the time.

Performance improvements:

  • PDF generation now runs in parallel across multiple threads (4 by default), rather than processing certificates one at a time

  • Removed Ghostscript compression overhead, replacing it with pdftk's built-in compression — eliminating roughly one second of processing per certificate

  • ZIP compression uses a balanced default setting instead of maximum compression

  • Database queries are now eager-loaded to eliminate thousands of redundant lookups

  • For a company with ~4,400 certificates, estimated export time dropped from approximately 4.4 hours to roughly 35 minutes

Reliability improvements:

  • Exports are now continuable — if the job is interrupted (server restart, timeout, etc.), it picks up exactly where it left off instead of starting over

  • Per-training error handling means a single problematic certificate won't crash the entire export

  • Trainings that don't have certificates are silently skipped rather than causing errors

Usability improvements:

  • Download links now remain valid for 7 days (up from 15 minutes), so admins don't have to rush to download after receiving the notification email

  • Export ZIP files now have meaningful names (e.g., "Acme-Corp-certificates-2026-03-16.zip")

  • New filters allow narrowing exports by date range and excluding non-certificate trainings

  • Third-party custom certificates are now included in exports

  • An automated daily cleanup job removes expired export files from S3 after 7 days

Third-Party Trainings Report Filters

The third-party trainings report now includes a full set of filters and a sortable table view, making it significantly easier for administrators to find and review external training records.

New filters include:

  • Vendor: Filter by third-party training vendor

  • Facility: Narrow results to a specific facility

  • Course: Filter by course name

  • Expiration Range: Show all trainings, only expired trainings, or trainings expiring within 30, 60, or 90 days

Filter options are dynamically populated based on actual data in the company's third-party trainings, so you'll only see vendors and courses that are relevant. Filters apply automatically as selections change — no submit button needed. CSV export respects all active filters.

LMS & SCORM Cloud Reliability

We've resolved a set of interconnected issues that were causing authentication failures for students taking courses launched from external Learning Management Systems (LMS), particularly in corporate browser environments.

The problem: Many corporate networks and browsers (especially Safari) block third-party cookies by default. When a student launched a PASS training from their LMS inside an iframe, the initial authentication would succeed, but navigating between pages within the course would lose the session — leaving students stuck or seeing unhelpful login prompts inside the iframe.

What we fixed:

  • Token propagation throughout the session: The LMS authentication token is now automatically appended to every server-side redirect and every Turbo navigation within the iframe. A new Stimulus controller intercepts all client-side navigations to ensure the token stays attached regardless of cookie availability.

  • Safari compatibility: Replaced JavaScript's url.searchParams API (which throws cross-origin errors in Safari iframes) with a Safari-safe string concatenation approach.

  • Extended token lifetime: LMS session tokens now last 8 hours (up from 1 hour), covering even lengthy SCORM Cloud training sessions without mid-course expiration.

  • SCORM Cloud return flow: The exit/return URL from SCORM Cloud now includes the authentication token, so students can successfully return to PASS Training after completing their SCORM course.

  • Graceful error handling: When authentication does fail inside an iframe, students now see a clear message ("Your session has expired. Please close this window and relaunch from your LMS.") instead of being redirected to a login page that can't work inside an iframe.

  • UI cleanup: The "Change Facility" dropdown and "Close Training" button are now hidden for LMS-launched sessions since those actions aren't relevant in that context.

Additionally, we added automatic retry logic for transient SCORM Cloud API errors (502/503/504 responses). Previously, a momentary outage on SCORM Cloud's side would surface an unhandled error to the student. Now, the system retries once before displaying an error.

Additional Bug Fixes

  • Catalog training assignment: Fixed a silent failure that occurred when a company purchased a catalog training linked to a course with no active version. The purchase would succeed but the training enrollment would silently fail to create. Now, courses without an active version are skipped during checkout with proper validation, and the entire redemption is wrapped in a database transaction to prevent orphaned records.

  • Dollar input sanitization: All dollar amount input fields across the system (pricing, deposits, discounts, etc.) now automatically strip commas, dollar signs, and other non-numeric characters before saving. This prevents data entry errors when users type "$1,500.00" instead of "1500.00".

  • Commission agreement date filtering: Commission reports now correctly exclude invoices paid before the agreement's start date, ensuring that only revenue generated during the active agreement period is included in commission calculations.

  • Facility import improvements: Updated the bulk facility import/upsert logic to handle edge cases more reliably.

  • Quiz question count: Fixed an error that occurred when a chapter had a nil quiz question count.

Revenue by Customer Report

A new administrative maintenance task is now available for generating revenue-by-customer reports, giving PASS administrators better visibility into billing and revenue trends across the customer base.

Infrastructure & Security Updates

  • Upgraded to Ruby 4.0.2

  • Updated Rails to the latest edge builds (multiple updates through the month)

  • Security patches: bcrypt 3.1.22, loofah 2.25.1, json 2.19.2

  • Sentry error tracking updated from 6.3.1 to 6.5.0

  • Lexxy rich text editor updated from 0.7.4-beta to 0.8.5-beta

  • Thruster web server updated to 0.1.19

  • Updated AWS SDKs (S3, Polly), esbuild, Sass, and other dependencies

Raymond Rees
Previous

As Fuel Retail Consolidates, Compliance Doesn't Get Simpler — It Gets Harder
Next

March Platform Enhancements to PASS Harmonics, Symphonics & ATG Connect