Instructions: External User Security (AUTH-0)

Security can be used on YSM sites to restrict access to an entire site or one particular directory, or structure group, of a site.

The External User Security option allows you to use Auth0, a third-party authentication service, to grant secure access to users outside Yale who do not have a NetID.

• You can set up a Security Group using the Profile System to establish the group of external users you want to access the site or structure group.

• Then, you must create a Security component and apply it to a site or structure group in Tridion.

The following instructions provide information on setting up a Security Group in the Profile System, creating a Security component that includes the group, and applying the security to a site or structure group in Tridion.

Table of Contents

Setting up a Security Group in the Profile System

The first step in creating External User Security for a site or structure group is to set up a Security Group in the Profile System. Security Groups belong to a organization and are editable by any user with organization administrator access to the organization.

1. Visit https://profile.yale.edu

2. Log in with your NetID and password

3. Click Organizations in the navigation at the top of the page.

4. Find and select the organization you want to add the Security Group to.

5. Click the External User Security button in the navigation on the left side of the page.

You will be taken to the External User Security page (shown below):

Open

From the External User Security page, click Add New... (highlighted in yellow above), and some fields will pop up to add information for the group (shown below):

Open

1. In the Name field, type in an appropriate name for the Security Group

   • This is the name you will plug into the Tridion Security component.

   • If the name of the group already exists, you will see an error message. If not, the field will let you know the name is unique (shown above).

2. In the Description field, type in a summary of what the Security Group is for.

3. Click Add New... in the Guest Users field (highlighted in yellow above) to begin adding external users to the group.

Once you click Add New... new fields will appear that allow you to add an external user to the group (shown below):

There are 2 options for adding a Guest User to a Security Group.

1. Adding existing Guest Users

   • This will probably only happen if you’ve previously added this user to a different Security Group.

   • To add an existing Guest User, type their name into the Find Existing Guest User field (highlighted in yellow above) and click on it.

   • Their information will populate into the fields below, and you can click Add (highlighted in green above) to add them to the group.

2. Creating new Guest Users

   • Name: Enter the user’s name in the Name field (highlighted in blue above).

   • Email: Enter the email of the external user you want to add (highlighted in red above).

   • Click Add (highlighted in green above) to add the create the user and add them to the security Group.

Once you have finished adding External Users to the Security Group, click Add to save the group, and you are ready to create a Security component in Tridion using the group.

From this e-mail, the user should click the provided link (highlighted in yellow above) to set up their account and password. They will then be able to access YSM publications and systems that are secured with Auth0 and External User Security.

Bulk Uploads

See https://ysmweb.atlassian.net/wiki/spaces/OC/pages/2542305295

Creating a Security Component

The next step in securing a site or structure group for external users is to create a Security component in Tridion.

• Even though this security is for External Users, you will need to create a Security: CAS component.

In the Building Blocks folder of your respective website, click New Component (highlighted in blue above) in the Create tab (highlighted in yellow above) of the navigation bar.

You will be taken to a new page for creating the component (shown below):

1. Enter an appropriate Name for your component.

2. Choose Security: CAS from the Schema drop down menu (highlighted in yellow above).

3. Allow the following groups access: This field allows you to select the type of security and enter the information for who gets access.

   • Select the radio button next to External Role (highlighted in orange above) to use the External Security Group you created in the last section.

4. In the Values field, enter the Name of the External Security Group.

   • The easiest way to do this is by copying and pasting from the Name field of the security group you created in https://profile.yale.edu/

   • You can add, delete, or sort Values with the icons to the left of the field (highlighted in red above).

Once you've finished inserting your Security Types and coordinating Values, click Save and Close (highlighted in blue above) in the Home tab, and the component is ready to be inserted onto a page in your Root folder

Applying Security to a Structure Group

Once you’ve created a Security component, you are ready to apply that Security to a structure group.

1. Within the Structure Group you would like to secure, create a New Page, and start with the General tab.

2. The Name of this new page should be "Security."

3. The File Name must be "security" (lowercase, no spaces).

4. Below Page Template, uncheck the box next to Inherit from Parent (highlighted in yellow above).

5. Select XML from the Page Template dropdown (highlighted in blue above).

6. Click on the Component Presentations tab of your page (highlighted in green above).

7. In the Component Presentations tab of your page, click Insert.

8. Your Building Blocks folder will pop up, select the security component you just created.

9. Select Security: CAS in the Component Template drop down menu.

10. Click Insert to add the component to the page.

11. Click Save and Close, then publish the page.