Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Security can be used on YSM sites to restrict access to an entire site or one particular directory, or structure group, of a site.

The External User Security option allows you to use Auth0, a third-party authentication service, to grant secure access to users outside Yale who do not have a NetID.

  • You can set up a Security Group using the Profile System to establish the group of external users you want to access the site or structure group.

  • Then, you must create a Security component and apply it to a site or structure group in Tridion.

External User Security is a more secure option than Generic security for non-Yale users, as generic security allows for username/password sharing and less transparency on who is accessing your site.

For more information on Generic security or allowing access for Yale personnel with NedIDs via CAS, visit the Security: CAS and Generic instructions.

The following instructions provide information on setting up a Security Group in the Profile System, creating a Security component that includes the group, and applying the security to a site or structure group in Tridion.

Table of Contents

Setting up a Security Group in the Profile System

The first step in creating External User Security for a site or structure group is to set up a Security Group in the Profile System. Security Groups belong to a organization and are editable by any user with organization administrator access to the organization.

  1. Visit https://profile.yale.edu

  2. Log in with your NetID and password

  3. Click Organizations in the navigation at the top of the page.

  4. Find and select the organization you want to add the Security Group to.

  5. Click the External User Security button in the navigation on the left side of the page.

You will be taken to the External User Security page.

  1. Click Add New...

  2. In the Name field, type in an appropriate name for the Security Group

    • This is the name you will plug into the Tridion Security component.

  3. In the Description field, type in a summary of what the Security Group is for.

  4. Click Add New... in the Guest Users field to begin adding external users to the group.

Only use alphanumeric characters and spaces in the Name field.

There are 2 options for adding a Guest User to a Security Group.

  1. Adding existing Guest Users

    • This will probably only happen if you’ve previously added this user to a different Security Group.

    • To add an existing Guest User, type their name into the Find Existing Guest User field and click on it.

    • Their information will populate into the fields below, and you can click Add to add them to the group.

  2. Creating new Guest Users

    • Name: Enter the user’s name in the Name field.

    • Email: Enter the email of the external user you want to add.

    • Click Add to add the create the user and add them to the security Group.

If the email is already in the system, you will see an error message. In this case, use the Find Existing Guest User field to find the user and add them to the group.

When you create and add a new external user, they will receive an email from Auth0 asking them to sign up for the service. They will need to sign up to be able to access the secured pages.

Once you have finished adding External Users to the Security Group, click Add to save the group, and you are ready to create a Security component in Tridion using the group.

Creating a Security Component

The next step in securing a site or structure group for external users is to create a Security component in Tridion.

  • Even though this security is for External Users, you will need to create a Security: CAS component.

In the Building Blocks folder of your respective website, click New Component in the Create tab of the navigation bar. You will be taken to a new page for creating the component.

  1. Enter an appropriate Name for your component.

  2. Choose Security: CAS from the Schema drop down menu.

  3. Allow the following groups access: This field allows you to select the type of security and enter the information for who gets access.

    • Selecting the radio button next to External Role to use the External Security Group you created in the last section.

  4. In the Values field, enter the Name of the External Security Group. The easiest way to do this is by copying and pasting from the Name field of the security group you created in https://profile.yale.edu/

    • You can add, delete, or sort Values with the icons to the left of the field.

If you will be using multiple Security Types within this single Security component (for example, NetID and External User Security) it is crucial to use the furthest left green + icon in the Allow the following groups access field to make an additional field for your other values.

Once you've finished inserting your Security Types and coordinating Values, click Save and Close in the Home tab, and the component is ready to be inserted onto a page in your Root folder

Applying Security to a Structure Group

Once you’ve created a Security component, you are ready to apply that Security to a structure group.

  1. Within the Structure Group you would like to secure, create a New Page, and start with the General tab.

  2. The Name of this new page should be "Security."

  3. The File Name must be "security" (lowercase, no spaces).

  4. Below Page Template, uncheck the box next to Inherit from Parent.

  5. Select XML from the Page Template dropdown.

  6. Click on the Component Presentations tab of your page.

  7. In the Component Presentations tab of your page, click Insert.

  8. Your Building Blocks folder will pop up, select the security component you just created.

  9. Select Security: CAS in the Component Template drop down menu.

  10. Click Insert to add the component to the page.

  11. Click Save and Close, then publish the page.

  • No labels