Instructions: External User Security (AUTH-0)

Security can be used on YSM sites to restrict access to an entire site or one particular directory, or structure group, of a site.

The External User Security option allows you to use Auth0, a third-party authentication service, to grant secure access to users outside Yale who do not have a NetID.

You can set up a Security Group using the Beatrix to establish the group of external users you want to access the site or structure group.
Then, you must add the Security group to the website or page properties in Beatrix CMS.

External User Security is a more secure option than Generic security for non-Yale users, as generic security allows for username/password sharing and less transparency on who is accessing your site. Generic security is being deprecated and is only in use for the Yale Primary Care Pediatrics Curriculum .

For more information on Generic security or allowing access for Yale personnel with NedIDs via CAS, visit the Security: CAS and Auth-0 instructions.

The following instructions provide information on setting up a Security Group in the Beatrix, creating a Security group in the organization that includes the group.

Table of Contents

1 Setting up a Security Group in the Beatrix
2 Bulk Uploads

Setting up a Security Group in the Beatrix

The first step in creating External User Security for a site or structure group is to set up a Security Group in Beatrix. Security Groups belong to a organization and are editable by any user with organization administrator access to the organization.

Visit Beatrix
Log in with your NetID and password
Click Organizations in the navigation at the lef of the page.
Find and select the organization you want to add the Security Group to.
Click the External User Security button in the navigation on the left side of the page.

You will be taken to the External User Security page (shown below):

From the External User Security page, click Add New... and some fields will pop up to add information for the group (shown below):

Fields for a new external security group

In the Name field, type in an appropriate name for the Security Group
- This is the name you will plug into the Beatrix web or page properties Security settings.
- If the name of the group already exists, you will see an error message. If not, the field will let you know the name is unique (shown above).
In the Description field, type in a summary of what the Security Group is for.
Click Add New... in the Guest Users field (highlighted in yellow above) to begin adding external users to the group.

Only use alphanumeric characters and spaces in the Name field.

Once you click Add New... new fields will appear that allow you to add an external user to the group (shown below):

There are 2 options for adding a Guest User to a Security Group.

Adding existing Guest Users
- This will probably only happen if you’ve previously added this user to a different Security Group.
- To add an existing Guest User, type their name into the Find Existing Guest User field (highlighted in yellow above) and click on it.
- Their information will populate into the fields below, and you can click Add (highlighted in green above) to add them to the group.
Creating new Guest Users
- Name: Enter the user’s name in the Name field (highlighted in blue above).
- Email: Enter the email of the external user you want to add (highlighted in red above).
- Click Add (highlighted in green above) to add the create the user and add them to the security Group.

Once you have finished adding External Users to the Security Group, click Add to save the group, and you are ready to create a Security component in Tridion using the group.

Welcome to YSM Auth0 email.

From this e-mail, the user should click the provided link (highlighted in yellow above) to set up their account and password. They will then be able to access YSM publications and systems that are secured with Auth0 and External User Security.

Bulk Uploads

See https://ysmweb.atlassian.net/wiki/spaces/OC/pages/2542305295