Frontend user authentication

Modified on Tue, 13 May at 3:39 PM

Setting up Authentication functionality

TODO: review these notes

Read through the entire document before starting any work!

Notes:

The notes below are for implementing Frontend User Authentication to secure pages.
If you are creating a Web Engine Course installation, see the article notes for that module.
Assumes website has been created! If there's no existing website see create new website

Before you start

Consider how you want to add users to the system. This impacts which pages are needed and how to configure them. Examples:

Users are created by an Administrator
- ex: A secured church area
- There is no registration page. (bots can't register themselves)
Users register themselves
- ex: a public online course
- Has a registration page. (bots can register)

Create the user collection

A User Collection is a group of users that can access one or more websites.

Admin Area > Authentication > User collections
Click on "Add user collection"
Name: Provide the collection a name appropriate to the function
Type: Entity or Network (usually Entity type)
Entity: select which entity uses the user collection (usually current)
- Network: (if this type) select a Network for the user collection
Click on Create button
The user collection will open for editing:
Providers: typically click on "Add email sign in" button
- Click on Update button
Profile fields:
The user account can have multiple fields. We typically use these:
- username:
  - Click on Add field button
  - Name: "username"
  - Label: "User Name"
  - Type: username
  - Required: (yes) set Checkmark
  - Unique: (yes) set Checkmark
  - Click on Add button
- email:
  - Click on Add field button
  - Name: "email"
  - Label: "E-Mail"
  - Type: Email
  - Required: (yes) set Checkmark
  - Unique: (yes) set Checkmark
  - Click on Add button
Profile name field: select username
Click on Update button

Website pages

Consider the structure needed for your workflow and create the pages
Example structure of internal secured pages. Create these pages.
- ... [pagetree root]
- utility (no preset)
  - Sign-in
  - Sign-in error
  - Terms [page with terms legal text]
  - Verify Sign-in
  - User account
  - Internal [top page for secured pages]
    - ...create additional pages as needed...

Add the indicated blocks to the pages. For the pages, if you don't have a design, you can use a Basic pre-set or preset with no content, just a layout (eg: ALPS - Centered Content page).

Registration page:

Create page if open to public registration
Add Registration form block

Add Sign-in form block
Set Title field
Set Registration link label

Add Sign-in error block
Set Title field

Verify sign in page:

Add Verify Sign-in block
Set Title field

User account page:

Add "overview" & "User profile" blocks
Secure page:
1. ! After setting up website Authentication do these steps
2. Page settings > Advanced > Page access
3. Require authentication: set checkmark
4. Site user groups: No groups required

Website Authentication submodule

On the website, where you added the authentication pages, expand the menu below the website & click on "Authentication" submodule. Update the below sections.

Authentication Settings (tab)

Authentication

Checkmark in field "Authentication enabled"
Select the user collection
Click on Update button
Screen refreshes with additional fields displayed

Registration

Read help texts for following settings and enable if the workflow requires it
Registration enabled: enable = public registration page
Require registration: read help text
Require terms acceptance: requires users to accept terms, before they continue
Registration terms label: provide the terms label (see help texts for guidance)
Add terms label, terms link and terms link label as needed

User menu

Select the menu where you want the user's account displayed when logged in. If you have not setup menus, then you will need to come back to do this steps after menus are created.

Pages:

Set the following pages as needed. Depending on new user workflow, all pages may not be needed.
Registration page
Sign in page
Sign in error page
Verify sign in page
User account page: needs "User account overview" & "User profile" blocks
New user page

Authentication Groups (tab)

Create access groups to secure the website pages.

Click on "Add group" button
Provide name of the group. Create a group "internal"
Click on "Create" button (group interface opens up)
If you have users, you can add them to the group, under the Users tab.
To create another group, click on Authentication submodule and then on Groups.

Website secured pages

! Return to the User Account page notes above and complete those steps.

Add authentication to the Internal webpage, to create an internal area:

On the "Internal" Page > Page settings > Advanced > Page access
Page access:
- Require authentication: set Checkmark
- Site user groups: add group(s)
- Click on Update
Lock icons will replace normal page icons for pages under authentication
Secured parent page, will protect subpages
Child pages can use additional groups
Add access to secured pages in your menus or other navigation elements if needed.

Website navigation

Add navigation so the frontend users can get to the pages they should access.

Website Menus

It is possible to add secured pages into a website menu. When the user is logged in, the navigation links will then appear. A lock instead of a page icon in the menu means the user must be logged in to see the navigation link.

Page list block

On pages it is possible to use the Page list block, set to the "Child pages of current page" list type. This will display the child pages the user has access to.

Create Users

Internal test user

Use Case: Website has a secured internal region, that has no registration page, administrator adds new accounts.

To test, add a internal user to the User Collection.

Admin Area > Authentication > Frontend users
Click on "Add user"
1. Email: add a working email account
2. Name: (optional)
3. User collection: select collection to add user to
4. Click on "Create" button
User details interface opens
Double-check the User Collection setting, add if missing. (bug ticket opened)
Profile: User Name: provide unique user name
Notify user of account: set checkmark and click on "Notify user" button, to notify the user.

Test the configuration:

Administrator created user account:

Add user to the user collection groups to test their access.
1. Website > Authentication > Groups
2. Click on group name, then users. Click on Add user button
3. In the popup search for the user, then add them to the group
4. continue for each group
Add any navigation needed for the test user to reach pages they should see
1. Per "Website navigation" above:
2. Add pages with "page access" set to a group the user belongs to
3. Add Page list blocks to pages, to navigate internally without menus
Go to the frontend of the website
"Sign in" link should be visible
Click on link
Enter E-Mail into the Email address field and click on Sign in button
Go to the email account of the user
In the email received, click on the "Confirm Sign in" button
User taken to the website
Depending on configuration, there may be a Terms popup to acknowledge
After accepting the terms, you will be on the website
You should be able to access your account
Test group access to the pages, links, etc., adjust as needed.

Self-Register workflow:

This workflow requires a registration page, and configuration in the Authenticate module.
Needs test email account
Go to website frontend
Click on Register button
Fill out the fields & click on Register
As per the message on the next page, use the link sent in email to login
Login to the Members only region
Test group access to the pages, links, etc.
Adjust as necessary