Security can be used on YSM sites to restrict access to an entire site or one particular directory, or structure group, of a site.
The External User Security option allows you to use Auth0, a third-party authentication service, to grant secure access to users outside Yale who do not have a NetID.
You can set up a Security Group using the Profile System to establish the group of external users you want to access the site or structure group.
Then, you must create a Security component and apply it to a site or structure group in Tridion.
External User Security is a more secure option than Generic security for non-Yale users, as Generic security allows for username/password sharing and gives less transparency into who is accessing your site.
For more information on Generic security or allowing access for Yale personnel with NetIDs via CAS, visit the Security: CAS and Generic instructions.
The following instructions provide information on setting up a Security Group in the Profile System, creating a Security component that includes the group, and applying the security to a site or structure group in Tridion.
Setting up a Security Group in the Profile System
The first step in creating External User Security for a site or structure group is to set up a Security Group in the Profile System. Security Groups belong to an organization and are editable by any user with organization administrator access to that organization.
Visit https://profile.yale.edu
Log in with your NetID and password
Click Organizations in the navigation at the top of the page.
Find and select the organization you want to add the Security Group to.
Click the External User Security button in the navigation on the left side of the page.
You will be taken to the External User Security page.
Click Add New...
In the Name field, type in an appropriate name for the Security Group.
This is the name you will plug into the Tridion Security component.
In the Description field, type in a summary of what the Security Group is for.
Click Add New... in the Guest Users field to begin adding external users to the group.
Only use alphanumeric characters and spaces in the Name field.
There are 2 options for adding a Guest User to a Security Group.
Adding existing Guest Users
This will probably only happen if you’ve previously added this user to a different Security Group.
To add an existing Guest User, type their name into the Find Existing Guest User field and click on it.
Their information will populate into the fields below, and you can click Add to add them to the group.
Creating new Guest Users
Name: Enter the user’s name in the Name field.
Email: Enter the email of the external user you want to add.
Click Add to create the user and add them to the Security Group.
If the email is already in the system, you will see an error message. In this case, use the Find Existing Guest User field to find the user and add them to the group.
When you create and add a new external user, they will receive an email from Auth0 asking them to sign up for the service. They will need to sign up to be able to access the secured pages.
Once you have finished adding External Users to the Security Group, click Add to save the group, and you are ready to create a Security component in Tridion using the group.
Creating a Security Component
The next step in securing a site or structure group for external users is to create a Security component in Tridion.
Even though this security is for External Users, you will need to create a Security: CAS component.
In the Building Blocks folder of your respective website, click New Component in the Create tab of the navigation bar. You will be taken to a new page for creating the component.
Enter an appropriate Name for your component.
Choose Security: CAS from the Schema drop down menu.
Allow the following groups access: This field allows you to select the type of security and enter the information for who gets access.
Select the radio button next to External Role to use the External Security Group you created in the last section.
In the Values field, enter the Name of the External Security Group.
The easiest way to do this is by copying and pasting from the Name field of the security group you created in https://profile.yale.edu/.
You can add, delete, or sort Values with the icons to the left of the field.
If you will be using multiple Security Types within this single Security component (for example, NetID and External User Security), it is crucial to use the furthest left green + icon in the Allow the following groups access field to make an additional field for your other values.
Once you've finished inserting your Security Types and coordinating Values, click Save and Close in the Home tab, and the component is ready to be inserted onto a page in your Root folder.
Applying Security to a Structure Group
Once you’ve created a Security component, you are ready to apply that Security to a structure group.
Within the Structure Group you would like to secure, create a New Page, and start with the General tab.
The Name of this new page should be "Security."
The File Name must be "security" (lowercase, no spaces).
Below Page Template, uncheck the box next to Inherit from Parent.
Select XML from the Page Template dropdown.
Click on the Component Presentations tab of your page.
In the Component Presentations tab of your page, click Insert.
Your Building Blocks folder will pop up; select the Security component you just created.
Select Security: CAS in the Component Template drop down menu.
Click Insert to add the component to the page.
Click Save and Close, then publish the page.