How do I create a role and limit/grant access to content?

 

Here are the steps to create a role and grant access to limited-access content.

  1. Click on Roles & Access Control on the sidebar and create a new role for the contact user type.
  2. Choose the content you would like this role to have access to.
  3. Now, go to Contacts.
  4. Select the contacts to whom you want to assign the new role you created.
  5. Hover on the Tools icon on the top right.
  6. Click on Bulk Edit and a pop-up will open.
  7. In the pop-up, select Assign roles from the drop-down.
  8. You will see the roles, including the role you just created.
  9. Select the newly created role so the switch turns green.
  10. Click on the Save button. That’s it. Now, all selected contacts will be assigned that custom role and will be able to access the limited-access content.

Please make sure, when creating/editing the limited-access content, it is set to be accessible by the selected role only. You can do so by choosing Custom roles and choosing the role for which this content will be accessible.

How to enable Single Sign On (SSO) on my Dryfta website?

Step 1: Configure your CRM as Identity Provider (IdP)

In your CRM, you will need to enter the following information to configure your IdP. (Replace ‘yourevent’ with your event domain, e.g. tedx2020.)

SP-EntityID / Issuer: https://yourevent.dryfta.com/plugins/authentication/miniorangesaml/
ACS (Assertion Consumer Service) URL / Single Sign-On URL (SSO): https://yourevent.dryfta.com/?morequest=acs
Single Logout URL (SLO): https://yourevent.dryfta.com/index.php?option=com_users&task=logout
Audience URI: https://yourevent.dryfta.com/plugins/authentication/miniorangesaml/
NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Default Relay State (Optional): https://yourevent.dryfta.com/
 

Alternatively, you can access this information from the Metadata URL: https://yourevent.dryfta.com/?morequest=metadata

 

Step 2: Configure Dryfta as Service Provider (SP)

To set up Dryfta as the Service Provider, you need to email the support desk (support@dryfta.com) with the following information:

Single Sign-On Service URL: The SSO URL that you have noted from your CRM.
IdP Entity ID or Issuer: The Entity ID that you have noted from your CRM.
X.509 Certificate: Download this certificate from your CRM and send it along with the email.

 

Step 3: Attribute Mapping (Optional)

  • Attributes are user details that are stored in your Identity Provider.
  • Attribute Mapping helps you to get user attributes from your Identity Provider (IdP) and map them to Dryfta user attributes like firstname, lastname etc.
  • While auto-registering the users in your Dryfta site these attributes will automatically get mapped to your Dryfta user details.

 

Attribute    Name Identifier
Email    Email
First Name    FName
Last Name    LName

 

Note: Email address is used as the unique identifier in Dryfta.

 

Step 4: Enable SSO from under Contact Settings

  • Go to your event website’s login page and click on ‘Login with your IdP credentials’ button.
  • If you have configured the settings correctly, you should be able to create a Dryfta account using your CRM’s existing login credentials and get logged-in to your Dryfta dashboard.
  • If you’re unable to log in using your IdP credentials, please email support desk with the error message that is returned and a screenshot of the SSO configuration from your Identity Provider’s dashboard.

 

Troubleshooting

 

The SAML Tracer is an add-on in the Chrome/Firefox browser. Install it and open it when you perform SSO for the user from your browser. It will trace all the logs. When you get the error, export the logs from the SAML Tracer. Choose ‘none’ as value while exporting the logs from SAML Tracer and send the files.

 

Attributes mapping incorrectly? Let us know and we will run an automated configuration test for your SSO integration and see if the attribute names need to be updated based on what is being sent from the Identity Provider (IdP).

 

Redirects to 500 Internal Server Error page after logging in with your IdP credentials? Please ensure Email Address is set as the NameID at the Identity Provider (IdP).
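
Before emailing support, the decoded assertion shown by a tool such as SAML Tracer can be checked against the values listed in Steps 1 and 3. The following is an added example, not Dryfta or miniOrange code: check_response and sample are hypothetical names, the sample assertion and its example.org address are constructed, and it assumes a SAML 2.0 assertion in which the Name Identifiers from Step 3 are sent as Attribute names.

```python
# Added example, not Dryfta or miniOrange code. Checks a decoded SAML 2.0
# assertion against the SP values on this page; it does NOT verify signatures.
import xml.etree.ElementTree as ET  # use defusedxml for untrusted XML

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("Email", "FName", "LName")  # assumed SAML Attribute names

def check_response(xml_text, event="yourevent"):
    """Return a list of problems; an empty list means the checks passed."""
    base = f"https://{event}.dryfta.com"
    audience = f"{base}/plugins/authentication/miniorangesaml/"
    acs = f"{base}/?morequest=acs"
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    else:
        if name_id.get("Format") != EMAIL_FMT:
            problems.append(f"NameID Format is {name_id.get('Format')!r}")
        if "@" not in (name_id.text or ""):
            problems.append("NameID value is not an email address")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if audience not in audiences:
        problems.append(f"Audience does not include {audience}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs:
        problems.append("Recipient is not the ACS URL")
    sent = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    problems += [f"attribute {n!r} not sent" for n in REQUIRED_ATTRS if n not in sent]
    return problems

def sample(fmt=EMAIL_FMT, name_id="jane@example.org", attrs=REQUIRED_ATTRS):
    """Constructed assertion for the placeholder event 'yourevent'."""
    a = "".join(f'<saml:Attribute Name="{n}"/>' for n in attrs)
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'<saml:Subject><saml:NameID Format="{fmt}">{name_id}</saml:NameID>'
        '<saml:SubjectConfirmation><saml:SubjectConfirmationData '
        'Recipient="https://yourevent.dryfta.com/?morequest=acs"/>'
        '</saml:SubjectConfirmation></saml:Subject>'
        '<saml:Conditions><saml:AudienceRestriction><saml:Audience>'
        'https://yourevent.dryfta.com/plugins/authentication/miniorangesaml/'
        '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{a}</saml:AttributeStatement>'
        '</saml:Assertion>'
    )

if __name__ == "__main__":
    print(check_response(sample(fmt="unspecified", name_id="jdoe")))
```

Pass your own event domain as the event argument. A NameID problem reported here corresponds to the 500 Internal Server Error case described above.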

How to allow only specific users to check-in to a session?

Go to Program builder and click on the session that you want to be open for check-in only to users with a custom role. Set the option “Who can check-in to this session” to custom roles and choose the custom role you just created. Click on Save. See screenshot below.

Now, simply assign this newly created custom role to the users whom you want to allow to check in to this session.

How to limit access to a content to particular users only?

 

  1. Using Roles & Access Control, create a custom role.
  2. Go to Manage content.
  3. Go to a content which you want to be viewed by users with this custom role only, and set this content to custom roles. Save.
  4. Return to Roles & Access Control, and choose this content to make it accessible for this custom role.

Now, simply assign this newly created custom role to users to whom you want to make it accessible.

How to assign custom roles to a user?

  1. Go to Roles & Access Control
  2. Create a custom role, choose a usertype and pages accessible to this role. Save.
  3. Go to Contacts and go to a contact’s detail. The custom roles you created shall be there. Simply enable it for this contact and Save. That’s it.

Please make sure you are assigning the roles to users with the associated usertype only. If you have created a custom role for the administrator usertype, you will see this custom role only for users who are registered as administrators.

So, for example, if a user’s usertype is contact, only contact-usertype related roles could be assigned to that user. And if the user’s usertype is administrator, only administrator-usertype related roles could be assigned to that user.