Creating a Closed User Group
- Topics:
- Administering
CREATED FOR:
- Admin
Closed User Groups (CUGs) are used to limit access to specific pages that reside within a published internet site. Such pages require the assigned members to login and provide security credentials.
To configure such a area within your website you:
-
apply this group to the required pages and select (or create) the login page for use by the members of the CUG; also specified when applying a CUG to a content page.
-
create a link, of some form, to at least one page within the protected area, otherwise it will not be visible.
-
configure the Dispatcher if in use.
Creating The User Group To Be Used
To create a closed user group:
-
Go to Tools - Security from the AEM homescreen.
NOTE
See Managing Users and Groups for full information on creating and configuring users and groups. -
Select the Groups card from the next screen.
-
Press the Create button in the top right corner, in order to create a new group.
-
Name your new group; for example,
cug_access
. -
Go to the Members tab and assign the required users to this group.
-
Activate any users that you have assigned to your CUG; in this case, all members of
cug_access
. -
Activate the closed user group so that it is available in the publish environment; in this example,
cug_access
.
Applying Your Closed User Group To Content Pages
To apply the CUG to a page:
-
Navigate to the root page of the restricted section you want to assign to your CUG.
-
Select the page by clicking on its thumbnail and then clicking Properties in the top panel.
-
In the following window, go to the Advanced tab.
-
Scroll down and enable the tickbox in the Authentication Requirement section.
-
Add your configuration path below, then press Save.
-
Next, go to the Permissions tab and press the Edit Closed User Group button.
[NOTE!]
Note that CUGs in the Permissions tab cannot be rolled out to Live Copies from Blueprints. Please plan around this when configuring Live Copy.
For more information, see this page.
-
Look for and add your CUG in the following window - in this case add the group named cug_access. Finally, press Save.
-
Click Enabled to define that this page (and any child pages) belong to a CUG.
-
Specify the Login Page that members of the group will use; for example:
/content/geometrixx/en/toolbar/login.html
This is optional, if left blank the standard login page will be used.
-
Add the Admitted Groups. Use + to add groups or - to remove. Only members of these groups will be allowed to log in and access the pages.
-
Assign a Realm (a name for the groups of pages) if required. Leave empty to use the page title.
-
Click OK to save the specification.
See Identity Management for information about profiles in the publish environment and providing forms for logging in and out.
Linking To The Realm
Since the target of any links to the CUG Realm are not visible to the anonymous user, the linkchecker will remove such links.
To avoid this, it is advisable to create non-protected redirect pages that point to pages within the CUG Realm. The navigation entries are then rendered without causing the linkchecker any problems. Only when actually accessing the redirect page will the user be redirected inside the CUG Realm - after successfully providing their login credentials.
Configure Dispatcher for CUGs
If you are using Dispatcher, you need to define a Dispatcher farm with the following properties:
- virtualhosts: Matches the path to the pages that the CUG applies to.
- \sessionmanagement: see below.
- cache: A cache directory that is dedicated to the files that the CUG applies to.
Configuring Dispatcher Session Management for CUGs
Configure session management in the dispatcher.any file for the CUG. The authentication handler that is used when access is requested for CUG pages determines how you configure session management.
/sessionmanagement
...
/header "Cookie:login-token"
...
that handles the non-CUG pages.
-
Configure /sessionmanagement by defining
/directory
; for example:/sessionmanagement { /directory "/usr/local/apache/.sessions" ... }
-
Set /allowAuthorized to
0
.
Experience Manager
- Administering User Guide overview
- Sites Features
- Website Administration
- Reusing Content: Multi Site Manager and Live Copy
- Live Copy Overview Console
- Configuring Live Copy Synchronization
- Creating and Synchronizing Live Copies
- MSM Rollout Conflicts
- MSM Best Practices
- Translating Content for Multilingual Sites
- Managing Translation Projects
- Identifying Content to Translate
- Preparing Content for Translation
- Creating a Language Root Using the Classic UI
- Connecting to Microsoft Translator
- Configuring the Translation Integration Framework
- Language Copy Wizard
- Translation Enhancements
- Translation Best Practices
- Configurations and the Configuration Browser
- AEM FAQs
- Operations
- Dashboards
- Operations Dashboard
- Backup and Restore
- Data Store Garbage Collection
- Monitoring Server Resources Using the JMX Console
- Working with Logs
- Configure the Rich Text Editor
- Configure the Video component
- The Bulk Editor
- Configuring Email Notification
- Configuring RTE for Producing Accessible Sites
- The Link Checker
- Troubleshooting AEM
- Audit Log Maintenance in AEM 6
- Editor
- Managing Access to Workflows
- Using cURL with AEM
- Configuring Undo for Page Editing
- Proxy Server Tool (proxy.jar)
- Configuring for AEM Apps
- Administering Workflows
- Configuring Search Forms
- Tools Consoles
- Reporting
- Administering Workflow Instances
- Configuring Layout Container and Layout Mode
- Enabling Access to Classic UI
- Starting Workflows
- Configure the Rich Text Editor plug-ins
- Admin Consoles
- Security
- User Administration and Security
- User, Group and Access Rights Administration
- Security Checklist
- OWASP Top 10
- Running AEM in Production Ready Mode
- Identity Management
- Adobe IMS Authentication and Admin Console Support for AEM Managed Services
- Creating a Closed User Group
- Mitigating serialization issues in AEM
- User Synchronization
- Encapsulated Token Support
- Single Sign On
- How to Audit User Management Operations in AEM
- SSL By Default
- SAML 2.0 Authentication Handler
- Closed User Groups in AEM
- Granite Operations - User and Group Administration
- Enabling CRXDE Lite in AEM
- Configuring LDAP with AEM 6
- Configure the Admin Password on Installation
- Service Users in AEM
- Encryption Support for Configuration Properties
- Handling GDPR Requests for the AEM Foundation
- Content Disposition Filter
- Personalization
- eCommerce
- Integration
- Integrating with Third-Party Services
- Integrating with Salesforce
- Integrating with Adobe Target
- Integrating with Adobe Analytics
- Connecting to Adobe Analytics and Creating Frameworks
- Configuring Link Tracking for Adobe Analytics
- Mapping Component Data with Adobe Analytics Properties
- Configuring Video Tracking for Adobe Analytics
- HTTP2 Delivery of Content FAQ
- Troubleshooting your Adobe Campaign Integration
- SharePoint Connector Licenses, Copyright Notices, and Disclaimers
- SharePoint Connector
- DHTML Viewer End-of-Life FAQs
- Integrating with Adobe Campaign Classic
- Related Community Articles
- Integrating with Adobe Campaign Standard
- Flash Viewers End-of-Life Notice
- Integrating with Adobe Creative Cloud
- Integrating with Adobe Dynamic Tag Management
- Opting Into Adobe Analytics and Adobe Target
- AEM Portals and Portlets
- Integrating with Dynamic Media Classic
- Troubleshooting Integration Issues
- Integrating with BrightEdge Content Optimizer
- Best Practices for Email Templates
- Catalog Producer
- Integrating with Silverpop Engage
- Integrating with Adobe Campaign
- Integrating with ExactTarget
- Analytics with External Providers
- Integrating with the Adobe Marketing Cloud
- Manually Configuring the Integration with Adobe Target
- Prerequisites for Integrating with Adobe Target
- Adobe Classifications
- Solutions Integration
- Target Integration with Experience Fragments
- Best Practices
- Content Management