Settings for your portal can be managed fully within the New Generation interface. From the left-hand navigation menu, select ‘Portal’ then opt for ‘Style my portal’ to customize the look & feel, or opt for ‘Settings’ to control access to your portal. There are 4 key settings here which we’ll describe in more detail below.
These access settings are available if you are on a Professional or higher edition of Preservica, with Single-sign on accessible to Enterprise editions only.
These access settings are also only accessible to users with the ‘Manager’ role.
Controlling access type & user login
It is your security tags and their mapping to roles and users, which control what content is visible on your Portal. For example, if you have a ‘Special collections’ security tag, and you give the ‘Anonymous’ role permissions to View content or metadata with that security tag, then that makes the content with the ‘Special collections’ security tag public to anyone viewing your Portal.
This is important to emphasize because until recently, it was only the ‘Public’ security tag that controlled whether your content was visible on Portal. Control of access to Portal now layers on top of your security matrix in a more flexible and customizable way, which you will already be used to if you have used Universal Access.
When it comes to controlling access to your Portal, you can choose from the following 4 options depending on your edition:
| Type | Description | Available to edition(s) |
|---|---|---|
| “Public” | Allows anyone accessing your Portal to see content tagged with security tags which the ‘Anonymous’ role is allowed to view. | All |
| “Shared password” | Similar to the above except that in order to see content, visitors have to enter a password you have specified and shared with them. This is one password that’s shared by everyone, rather than each person having their own password (login). | Starter Plus and above |
| “No public access” | Requires a unique user login to access your Portal | Professional and above |
| “User login - Preservica users” | Allows those with a user login to log into Portal and see content you’ve allowed them to view, based on the roles assigned to them and how those roles map to security tags on your content. When the ‘Preservica users’ box is checked, then a ‘Log in’ link will become visible on your Portal and your users will be able to log in either with SSO (if that is configured on your tenancy) or if you don’t have SSO configured then they will be able to log in with an email and password (if you are managing their access using the Users or user management page). It is not currently possible to allow both types of login (SSO and email/password) on your Portal, and if you have SSO configured for your tenancy, that will by default be used for login on Portal as well. | Professional and above SSO - Enterprise edition only |
You can layer “Public” access with a single type of “User login” (SSO or email/password), and you can layer “Shared password” with a single type of “User login”. Only “Public” access and “Shared password” cannot be used together as one makes specific content visible to anyone visiting, and the other makes that same content visible only to those who enter a shared password first.
Setting up Single sign-on for portal
Customers on our Enterprise editions can now use Single Sign-on (SSO) with both their New Generation interface and Portal. One SSO configuration manages both sites and it enables you to control access to Portal content at scale by mapping SSO group membership to roles within Preservica.
How to set it up
Step 1: Configure your permissions and roles
-
Within your ‘Security tags and roles’ page, you may wish to create new security tags or use existing ones to assign to your Portal content. In this example, we have selected a security tag indicating content with security clearance level 1.
-
We then created a content role with the same name and gave it permissions to Read Content and Read Metadata, making sure to click the blue ‘Save’ button above the roles.
- With the same security tag still selected, we also assigned the Manager role the ability to Read metadata as well as Read and Change permission for this security tag, making sure to click the blue ‘Save’ button.
-
We can then assign this security tag to content in our archive. Just right-click on a folder, hover over ‘Set security tag’ and it will appear in the list.
-
If you are using regular Login for Portal, at this point you can assign that content role to a user within your ‘Users’ tab but for Single Sign-on, we need to update our SAML configuration.
Step 2: Update access type for your Portal
-
In the main navigation menu, select ‘Portal’ and then ‘Settings’. This will take you to the page where you can control the types of access you allow for your Portal. To enable SSO, you need to make sure that under ‘User login’, the ‘Preservica users’ box is checked, then scroll to the bottom to ‘Save’ your changes.
Step 3: Update your SAML configuration
-
Within ‘Manage accounts’ → ‘Security settings’ you can set up a new or update an existing SAML configuration. You will need to map the new content role, in this case ‘Security clearance level 1' to a group of users in your SSO provider along with a functional role (ACCESS USER) if they don’t already have one. To set up this mapping, please follow our SAML guide on the Community hub: How to set up SAML SSO with role and attribute mappings in Preservica | Community
Once set up, your Portal users will see a ‘Log in’ link in the top right-hand corner of your Portal, which will allow them to log in.
Of note:
-
If you have public (anonymous) access enabled for your Portal, entering a direct link to a folder or asset which you don’t have permission to access will result in a ‘404 Page not found’ error.
-
If you have SSO configured for your tenancy, then enabling User login for your Portal will automatically enable SSO login. Meaning that when a Portal visitor clicks the ‘Log in’ link on your Portal, they will immediately be redirected to your SSO provider for authentication. It is not currently possible to enable both SSO and regular login (email + password) for your Portal - please let us know if this is something you need by emailing dual.running@preservica.com.
Control who can download your portal content
If you are on a Professional or Enterprise edition, you can enable or disable the ability for consumers of your public portal to download your public assets. This is a global setting so that means this is either on, or off and cannot currently be customized to parts of your archive or portal.
Each of these 3 options controls the visibility of the ‘Download’ button shown next to assets through your portal:
- ‘Enabled’ = the ‘Download’ button next to assets is visible to anyone across your whole public portal
- ‘Disabled’ = the ‘Download’ button next to assets is not visible to anyone, anywhere on your portal
- ‘Logged in users only’ = the ‘Download’ button next to assets is only visible to users who are logged into your portal when they are logged in.
When the ‘Enabled’ option is selected, this is what is shown in the public portal (download option):
When the ‘Disabled’ option is selected, this is what is shown in the public portal (no download option):
