How do I create a role and limit/grant access to content?

 

Here’re the steps to create a role and grant access to the limited-access content.

  1. Click on Roles & Access Control located on the sidebar and create a new role for contact user type.
  2. Choose the content you would like to provide access to this role.
  3. Now, go to Contacts.
  4. Select your contacts to whom you want to assign this new role you created.
  5. Hover on Tools icon on the top right.
  6. Click on Bulk Edit and pop up shall open.
  7. In the pop up, select Assign roles from the drop down.
  8. You would see the roles including the role you just created.
  9. Select the newly created role so the switch turns green
  10. Click
    on Save button. That’s it. Now, all selected contacts will be assigned
    with that custom role and will be able to access the limited-access
    content.

Please
make sure, when creating/editing the limited-access content, it is set
to be accessible by the selected role only. You can do so by choosing
Custom roles and choosing the role for which this content will be
accessible.

How to enable Single Sign On (SSO) on my Dryfta website?

Step 1: Configure your CRM as Identity Provider (IdP)

In your CRM, you will need to enter the following information to configure your IdP. (Replace ‘yourevent‘ with your event domain eg. tedx2020)

SP-EntityID / Issuerhttps://yourevent.dryfta.com/plugins/authentication/ miniorangesaml/
ACS (Assertion Consumer Service) URL / Single Sign-On URL (SSO)https://yourevent.dryfta.com/?morequest=acs
Single Logout URL (SLO)https://yourevent.dryfta.com/index.php?option=com_users&task=logout
Audience URIhttps://yourevent.dryfta.com/plugins/authentication/miniorangesaml/
NameID Formaturn:oasis:names:tc:SAML:1.1: nameid-format:emailAddress
Default Relay State (Optional)https://yourevent.dryfta.com/
 

Alternatively, you can access these information from the Metadata URL: https://yourevent.dryfta.com/?morequest=metadata

 

Step 2: Configure Dryfta as Service Provider (SP)

To setup Dryfta as the Service Provider, you need to email support desk (support@dryfta.com) with following information:

Single Sign-On Service URLThe SSO URL that you have noted from your CRM.
IdP Entity ID or Issuer:  The Entity ID that you have noted from your CRM.
X.509 Certificate:Download this certificate from your CRM and send along with the email.

 

Step 3: Attribute Mapping (Optional)

  • Attributes are user details that are stored in your Identity Provider.
  • Attribute Mapping helps you to get user attributes from your Identity Provider (IdP) and map them to Dryfta user attributes like firstname, lastname etc.
  • While auto-registering the users in your Dryfta site these attributes will automatically get mapped to your Dryfta user details.

 

AttributeName Identifier
Email    Email
Fist Name    FName
Last Name    LName

 

Note: Email address is used as the unique identifier in Dryfta.

 

Step 4: Enable SSO from under Contact Settings

  • Go to your event website’s login page and click on ‘Login with your IdP credentials’ button.
  • If you have configured the settings correctly, you should be able to create a Dryfta account using your CRM’s existing login credentials and get logged-in to your Dryfta dashboard.
  • If you’re unable to log in using your IdP credentials, please email support desk with the error message that is returned and a screenshot of the SSO configuration from your Identity Provider’s dashboard.

 

Troubleshooting

 

The SAML Tracer is an add-on in the Chrome/Firefox browser. Install it and open it when you perform SSO for the user from your browser. It will trace all the logs. When you get the error, export the logs from the SAML Tracer. Choose ‘none’ as value while exporting the logs from SAML Tracer and send the files.

 

Attributes mapping incorrectly? Let us know and we will run an automated configuration test for your SSO integration and see if the attributes names need to be updated based on what is being sent from the Identity Provider (IdP).

 

Redirects to 500 Internal Server Error page after logging in with your IdP credentials? Please ensure Email Address is set as the NameID at the Identity Provider (IdP).

How to provide staff with partial/complete access to the event platform backend?

We recently released the Access Control feature which
prevents staff members (administrator usertype) from accessing the whole
of the event platform backend and allows access to only those s of the backend section which the
staff is assigned to.

So, to let a staff log in and access
the various sections of the platform, you need to log in to the
backend first, create a Role (go to Roles & Access Control), set
permissions for various sections of the platform, and then Save. Now go
to staff’s profile details (in the backend), select the Role you have
just created in Roles & Access Control, and Save.

Your staff can now access all the sections in the Dryfta backend which you have
enabled for that role and just assigned to this staff.

PS. To assign a role to multiple staff, use the Bulk Edit feature. Locate it in the Settings icon on the top right in Contacts section.

PS 1.1. Please make sure you have selected the correct usertype. You can
assign administrator roles to administrator usertype only. Same for
contact usertype. You can assign contact related roles to contact
usertype. One cannot assign administrator roles to contact usertype or
vice-versa.

How to allow only specific users to check-in to a session?

Go to Program builder and click on the session which you want to be accessible for check-ins to users with custom role only, set the option “Who can check-in to this session” to custom roles and choose the custom role you just created. Click on Save. See screenshot below.

Now, simply assign this newly created custom role to users to whom you want to allow to be able to check-in to this session.

How to limit access to a content to particular users only?

 

  1. Using Roles & Access Control, create a custom role.
  2. Go to Manage content.
  3. Go
    to a content which you want to be viewed by users
    with this custom role only, and set this content to custom roles. Save.
  4. Return to Roles & Access Control, and choose this content to make it accessible for this custom role.

Now, simply assign this newly created custom role to users to whom you want to make it accessible.