Restrict Pages and Sections
Require CAS login for access to parts of your website.
Note: There is one setting that is necessary to this setup that is not mentioned in the video above. It is listed in step 3 of the Site Authentication Setup section below.
Site Authentication Setup
This will connect your Brightspot site with CAS and allow the site to receive data about who is signed in. Once this is set up, you will need to follow the steps below to specify the signed-in users who are allowed to view pages on your site.
- Open the Sites and Settings tab in the Admin section of the hamburger menu in the top left corner.
- Click on the Front-End tab.
- At the top of the page, make sure the Site Group is set to BYU-Provo.
- Scroll down to the Authentication menu and open it.
- Change Authentication Settings to "Set:"
- Click the + button to add an Authentication Manager, then select the magnifying glass next to the resulting menu. The search window will appear, but there will likely be no authentication manager to choose.
- In the bottom left of that window, under Create, make sure the dropdown says BYU, then click the New button.
- In the resulting page, add a name for the authentication manager.
- Choose (or create) landing pages as desired.
- Authenticated Landing Page is where someone will be directed as soon as they sign in.
- Unauthenticated Landing Page is where someone will be directed as soon as they sign out. It will also be visible to anyone who visits the site.
- Click the link in the top left Back to Select Authentication Settings → Authentication Managers to close the page.
- Click the name of the Authentication Manager that you just created, and close the window.
- You should now see your Authentication Manager under Authentication Managers in the Edit Site page.
- Click Save.
Set up Authentication Before Launch
Enforcing login before your site is live at a BYU URL (a web address that ends in .byu.edu) will prevent you from viewing your site. Below are steps to disable login while your site content is being created.
- Open the Page Defaults tab in the Sites and Settings menu.
- Open the Authorization section.
- Click the dropdown and choose Inherit.
- Click the Save button at the bottom of the page.
Site, Section, and Page Authorization
Authorization settings define which signed-in users have permission to view content on your site. You can set up different access levels for different parts of your site.
To restrict users for your entire site
- Open the Sites and Settings tab in the Admin section of the hamburger menu in the top left corner.
- Select the Page Defaults tab and scroll until you find the Authorization option. You can also find this setting by searching Authorization in the search bar underneath the bell icon.
- Under Authorization - If not set all users will have access, change the dropdown to say Override.
- Choose an Authorization Manager. If you don't have one set up already, see the steps below. if you do have one or more authorization managers, they will be listed in the dropdown and can be used anywhere on the site.
To restrict users for a section or a page
- Open the section or page in the editor interface.
- Open the Overrides tab.
- Open the Authorization section.
- Under Authorization - If not set all users will have access, change the dropdown to say Override
- Choose an Authorization Manager. If you don't have one set up already, see the steps below. if you do have one or more authorization managers, they will be listed in the dropdown and can be used anywhere on the site.
To add Authorization Settings
If there are no Authorization Managers listed in the dropdown in the steps above or if you would like to set up a new authorization manager, you can follow the below steps:
- Open the Sites and Settings tab in the Admin section of the hamburger menu in the top left corner.
- Select the Page Defaults tab and scroll until you find the Authorization option. You can also find this setting by searching Authorization in the search bar underneath the bell icon.
- In the dropdown menu, choose the Override option and click the magnifying glass option next to the AuthorizationSettings menu.
- In the search window that appears, under Create, click the dropdown and choose BYU Authorization Settings.
- Click New.
- Give your authorization settings a name. It is helpful to name it based on who will have access (i.e. "Faculty/Staff" or "Students").
- Choose or add an Access Denied page if you would like one. This is helpful to let people know they've come to a section they don't have permission to view.
- If only specific people should access the content, or if there are specific people who should access the content in addition to the other groups you specify here, add their Net ID here under Specified User NetIds.
- If you want to use a predefined Access Category, choose one of the options in the dropdown.
- All (users with valid login) requires only that someone have a Net ID and sign in. This will include all students, alumni, employees, former employees, and anyone else who has signed up for a Net ID.
- Students Only includes all active, eligible to register students.
- Employees Only includes all university employees that are not students (faculty, staff, and admin).
- Only Students or Faculty includes all current students and university employees.
- Specified Users Only blocks access for anyone but those listed in another section on this page. If you only want certain users to have access, choose this option.
- If you have a GRO group where your users are defined, you can specify that under SAML Access Groups. If you would like assistance creating a new SAML Access Group, please contact websites@byu.edu.
- When you are finished with configurations, click Save.
- Click the Back link at the top of the page.
- In the select window, click the name of the Authorization Settings you just created. The window will close.
- If you are editing site default settings, click Save. If you are editing page or section overrides, click Publish or Save.
Adding a Sign-In Button
To add a sign-in button to the top right of your site's header, follow these steps:
- Open the Sites and Settings tab in the Admin section of the hamburger menu in the top left corner.
- Select the Page Defaults tab and scroll until you find the Header option. You can also find this setting by searching Header in the search bar underneath the bell icon.
- Scroll until you find the setting labeled Sign In Enabled. By default, this is set to Inherit.
- To enable the sign-in button specifically for the header, change the option from Inherit to Override.
- Once you have chosen Override, a toggle switch will appear below the dropdown menu. Click on the toggle to activate it.
- At the bottom of the page, you will find a Save button. Click on it to save the modifications you made to the header settings.