Skip to main content
Developer Portal
Brightspot

Restrict Pages and Sections

Require CAS login for access to parts of your website.

Note 1: There is one setting that is necessary to this setup that is not mentioned in the video above. It is listed in step 3 of the Site Authentication Setup section below.

Site Authentication Setup

This will connect your Brightspot site with CAS, and allow the site to receive data about who is signed in. Once this is set up, you will need to follow the steps below to specify the signed-in users who are allowed to view pages on your site.

  1. Open the main menu by clicking on the menu button in the top left. Open the Admin area and go to the Sites and Settings area of your website.
  2. Click on the Front-End tab.
  3. At the top of the page, make sure the Site Group is set to BYU-Provo.
  4. Scroll down to the Authentication area and open it.
  5. Change Authentication Settings to "Set:"
  6. Click the + button to add an Authentication Manager. The search window will appear, but there will likely be no authentication manager to choose.
  7. In the bottom left of that window, under Create, make sure the dropdown says BYU and click the New button.
  8. In the resulting page, add a name for the authentication manager.
  9. If you want, choose (or create) landing pages.
    1. Authenticated Landing Page is where someone will be directed as soon as they sign in.
    2. Unauthenticated Landing Page is where someone will be directed as soon as they sign out. It will also be visible to anyone who visits the site.
  10. Click the link in the top left Back to Select Authentication Settings → Authentication Managers to close the page.
  11. Click the name of the Authentication Manager that you just created, and close the window.
  12. You should now see your Authentication Manager under Authentication Managers in the Edit Site page.
  13. Click Save.

Site, Section, and Page Authorization


Authorization settings define which signed-in users have permission to view content on your site. You can set up different access levels for different parts of your site.

To restrict users for your entire site

  1. In Sites and Settings, choose the Default Settings tab.
  2. Open the Authorization section.
  3. Under Authorization - If not set all users will have access, change the dropdown to say Override
  4. Choose an Authorization Manager. If you don't have one set up already, see the steps below. if you do have one or more authorization managers, they will be listed in the dropdown and can be used anywhere on the site.

To restrict users for a section or a page

  1. Open the section or page in the editor interface.
  2. Open the Overrides tab.
  3. Open the Authorization section.
  4. Under Authorization - If not set all users will have access, change the dropdown to say Override
  5. Choose an Authorization Manager. If you don't have one set up already, see the steps below. if you do have one or more authorization managers, they will be listed in the dropdown and can be used anywhere on the site.

To add Authorization Settings

If there are no Authorization Managers listed in the dropdown in the steps above, or if you would like to set up a new authorization manager you can create a new authorization manager.

  1. If, click the magnifying glass next to the dropdown.
  2. In the search window that appears, under Create, click the dropdown and choose Provo Authorization Settings.
  3. Click New.
  4. Give your authorization settings a name. It is helpful to name it based on who will have access (i.e. "Faculty/Staff" or "Students").
  5. Choose or add an Access Denied page if you would like one. This is helpful to let people know they've come to a section they don't have permission to view.
  6. If only specific people should access the content, or if there are specific people who should access the content in addition to the other groups you specify here, add their Net ID here under Specified User NetIds.
  7. If you want to use a predefined Access Category, choose one of the options in the dropdown there.
    1. All (users with valid login) requires only that someone have a Net ID and sign in. This will include all students, alumni, employees, former employees, and anyone else who has signed up for a Net ID.
    2. Students Only includes all active, eligible to register students.
    3. Faculty Only includes all university employees (faculty, staff, and admin).
    4. Only Students or Faculty includes all current students and university employees.
    5. Specified Users Only blocks access for anyone but those listed in another section on this page. If you only want certain users to have access, choose this option.
  8. If you have a GRO group where your users are defined, you can specify that under SAML Access Groups.
  9. When you are finished with configurations, click Save.
  10. Click the Back link at the top of the page.
  11. In the select window, click the name of the Authorization Settings you just created. The window will close.
  12. If you are editing site default settings, click Save. If you are editing page or section overrides, click Publish or Save.

Adding a Sign-In Button

To add a sign-in button to the top right of your site's header, follow these steps:

  1. Go to "Sites and Settings".
  2. Within the settings, locate and click on the "Page Defaults" tab.
  3. Scroll down until you see the "Header" dropdown and open it.
  4. In the dropdown, you will find an option called "Sign in Enabled." By default, it is set to "Inherit".
  5. To override this setting and enable the sign-in button specifically for the header, change the option from "Inherit" to "Override" by selecting it.
  6. Once you have chosen "Override," a toggle switch should appear. Click on the toggle to activate it.
  7. After making the changes, scroll to the bottom of the page.
  8. At the bottom, you will find a "Save" button. Click on it to save the modifications you made to the header settings.