Securing your site for specific user groups

Certain sites are designed to be used by a specific community or groups of users. SiteFarm can assist you in configuring your site for these restriction levels.

Entire site - Default Setting

Access: anyone with access to the internet can see the content
Configuration steps: no configuration steps necessary

Specific pages restricted to UC Davis community

Access: a selection of page content can be restricted to the UC Davis community while the remainder is available to anyone with access to the internet
Configuration steps:

  1. Navigate to Manage » Configuration » SiteFarm section » CAS Settings.
  2. From the list of labels in the CAS settings page, click on Forced Login.
    Image of the CAS configuration screen with the Enabled box checked and the Pages text area listing the forms section as an area to be specifically protected.
  3. Check the Enable box associated with the help text "If enabled, all pages on your site will trigger this feature. It is strongly recommended that you specify specific pages to trigger this feature below." This tells the system that your site pages are set up for gatekeeping and, if a page or section of your site is included in the Pages section as described in the next step, your site will trigger a CAS log in requirement.
  4. In the Pages field, specify pages by using their paths. Enter one path per line. The '*' character is a wildcard. An example path is /user/* for every user page. <front> is the front page. When someone tries to navigate to any of the pages or sections in this list, they will be prompted to log in using their CAS ID and password.
  5. Click Save configuration to finish.

Entire Site - UC Davis community only

Access: only individuals with an authorized account, Kerberos ID, and password can see the content
Configuration steps:

  1. Navigate to Manage » Configuration » People section » CAS.
  2. From the list of labels in the CAS settings page, click on Forced Login.
  3. Check the Enable checkbox to force all users to log in through CAS and leave the Pages field blank.
    Screenshot of the CAS settings section for forced login showing the Enabled box checked and the Pages field left blank.
  4. Click Save configuration to finish.

Turn the site into an intranet

Access: restricted to specific accounts a site manager or member of the SiteFarm team create, allowing people to sign in and view the content. Authenticated users do not have editing rights to any of the content. 
Configuration steps

  1. Follow the steps outlined in Adding users to your site, except in step 3, for Roles, do NOT assign a role unless you intend for them to actually assist in maintaining the content in your website. Allow them only the defaulted “Authenticated user” role, which is already enabled on creation. Follow the rest of the instructions on the page per usual.
  2. Site Managers can create a logout menu item--in a menu, a sidebar, a focal link, in the footer--wherever it makes sense for your site. You can use either the /user/logout or /caslogout paths for your link, both of which will log the user completely out of the site as well as CAS.
  3. Use our Service Form to tell us you want to turn your site into an intranet and request public access permissions be removed to avoid content still being visible to those without the proper credentials.
Use cases

Intranet: Register non-UC Davis users with moderated approval
A SiteFarm client is using their site to host information and links related to an annual conference. The site storehouses embedded links to videos recorded from the conference, but in order to access them, public visitors need to pay a registration fee through a different payment gateway before being granted access to the site's content. The visitor will register on the site for an account and only be granted access once a Site Manager has approved them.
Requires Site Builder role


Additional note about files

Please note that CAS only protects your page content; any files you may have linked to your content (PDFs, Word docs, spreadsheets, etc.) are NOT protected. It is strongly recommended that you consider using Box.com for your document management needs, for a variety of reasons, but in this case, because it will keep your content secure.