Brightspot Integrations Guide

Configuring authorization settings


Once you have configured authentication settings, you can set up authorization settings to control how authenticated and non-authenticated visitors can interact with your site.

To configure authorization settings:

  1. Click menu > Admin > Sites & Settings.
  2. In the Sites widget, select the site for which you want to configure these settings, or select Global to configure these settings for all sites.
    Note
    If configuring authorization at the global level, navigate to the Auth tab. Under Authorization Manager, select Create New, and proceed to step 5.
  3. Click the search icon, located to the left of the more_horiz icon, and type Authorization Settings.
  4. From the Authorization Settings list, select Create New.
  5. Under Name, give these settings a name (for example, Authorization - <your site>).
  6. Under Authorization Handler, click one of the following options:
    • Advanced—Allows you to completely customize authorization access. See the section "Configuring Advanced authorization settings" below for more information.
    • Full-Site—Denies access to all authorizable types unless a visitor is logged in. While unauthenticated, the user will be redirected to the specified login page. See the section "Configuring Full-Site authorization settings" below for more information.
    • Under Section(s)—Denies access to all content under the specified sections unless a visitor is logged in. While unauthenticated, the visitor will be redirected to a specified login page. See the section "Configuring Under Section(s) authorization settings" below for more information.

Configuring Advanced authorization settings

Selecting Advanced in the Authorization Handler field lets you configure an authorization policy composed of the "who" (principals), "what" (resources), "action" (scopes), and "when" (conditions) of authorized access.

  1. Under Authorization Handler, select Advanced.
  2. Under Policies, click the add_circle_outline icon, then select one of the following options:
    1. Allow All—Allows any principal to access any resource in any scope. No additional configuration is required.
    2. Deny All—Prevents any principal from accessing any resource in any scope. No additional configuration is required.
    3. Custom—Allows you to customize all elements of access. See the table below.
Custom policy fields
Field: Description

Principals: Configure the principal to which the policy applies.
  • Any—The policy applies to any principal.
  • Any Authenticated—The policy applies to any authenticated principal.
  • Role—The policy applies to any principals who have the specified role (for example, any principal with the role Editor is authorized).
  • Roles—The policy applies to any principals who have all of the specified roles (for example, any principal who has both the roles of Editor and Admin is authorized).
  • User—The policy applies to any principals who match the specified user (for example, any principal who matches the user Adam Braun is authorized).

Resources: Configure the resource to which the policy applies.
  • Any—The policy applies to any resource.
  • Content—The policy applies to a resource that matches the specified asset (for example, the principal is authorized to view the specific asset What is GraphQL?).
  • Content Type—The policy applies to a resource if it is of the specified content type (for example, the principal is authorized to view assets of the content type Article, so the principal can view the articles What is GraphQL?, What is JAMstack, and what does it mean for web development? and any other article).

Scopes: Configure the scope to which the policy applies.
  • Any—The policy applies to any scope.
  • View—The policy pertains to whether authorized principals can view authorized resources.

Conditions: Configure the date condition for which the policy applies.
  • Any Date—The policy pertains to any date.
  • Date—The policy pertains to authorizable resources after a specified start date (for example, authorized principals can view authorizable resources after Jan. 1, 2024).
  • Date Range—The policy pertains to authorized resources between a specified start date and end date (for example, authorized principals can view authorized resources between the dates Jan. 1, 2024 and Feb. 1, 2024).

Effect: Configure the effect when an access request matches the policy.
  • Allow—Allows access.
  • Deny—Denies access.
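
The following is an added illustration, not Brightspot code: a small Python model of how a Custom policy's principal, resource, scope and date condition match a request, built from the examples in the table above. The evaluation order (first matching policy wins), the Deny result when no policy matches, and inclusive date boundaries are assumptions; this page does not specify them.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Request:
    user: Optional[str]      # None models an unauthenticated visitor
    roles: frozenset
    content: str
    content_type: str
    scope: str
    on: date

@dataclass(frozen=True)
class Policy:
    effect: str                        # "Allow" or "Deny"
    principal: tuple = ("Any", None)   # (kind, value), kinds as in the table
    resource: tuple = ("Any", None)
    scope: str = "Any"
    start: Optional[date] = None       # Date / Date Range start
    end: Optional[date] = None         # Date Range end

def matches(p, r):
    kind, val = p.principal
    who = (kind == "Any"
           or (kind == "Any Authenticated" and r.user is not None)
           or (kind == "Role" and val in r.roles)
           or (kind == "Roles" and frozenset(val) <= r.roles)  # needs ALL roles
           or (kind == "User" and r.user == val))
    kind, val = p.resource
    what = (kind == "Any"
            or (kind == "Content" and r.content == val)
            or (kind == "Content Type" and r.content_type == val))
    action = p.scope in ("Any", r.scope)
    # Assumption: date boundaries are inclusive.
    when = (p.start is None or r.on >= p.start) and (p.end is None or r.on <= p.end)
    return who and what and action and when

def decide(policies, r):
    # Assumptions: first matching policy wins; no match means Deny.
    for p in policies:
        if matches(p, r):
            return p.effect
    return "Deny"

# Constructed sample policies built from the table's examples.
POLICIES = [
    Policy("Allow", ("Roles", ("Editor", "Admin")), ("Content", "What is GraphQL?"), "View"),
    Policy("Allow", ("Role", "Editor"), ("Content Type", "Article"), "View",
           date(2024, 1, 1), date(2024, 2, 1)),
]
```

Running requests through decide before publishing a policy set shows which principals a Roles entry excludes and when a Date Range stops granting access.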

Configuring Full-Site authorization settings

Full-site authorization settings deny access to all authorizable types unless a user is authenticated. While unauthenticated, Brightspot directs the user to a specified login page.

Field: Description

Not Logged In Page: Location where Brightspot redirects unauthenticated visitors. Select one of the following options:
  • External—Redirects the visitor to a page outside of your site.
  • Internal—Redirects the visitor to a page within your site.
  • Site Search—Redirects the visitor to a specified site search page with a specified query entry (for example, a query that says How can I log in? that returns assets that may help the visitor authenticate). You may also specify search filters and search sorts to further curate search results.

Configuring Under Section(s) authorization settings

Section authorization settings deny access to all assets under specified sections unless a visitor is authenticated. While unauthenticated, Brightspot directs the visitor to a specified login page.

Field: Description

Sections: Select a section that is denied to the user if they are not authenticated. To add additional sections, click add_circle_outline Add Item.

Not Logged In Page: Location where Brightspot redirects unauthenticated visitors. Select one of the following options:
  • External—Redirects the visitor to a page outside of your site.
  • Internal—Redirects the visitor to a page within your site.
  • Site Search—Redirects the visitor to a specified site search page with a specified query entry (for example, a query that says How can I log in? that returns assets that may help the visitor authenticate). You may also specify search filters and search sorts to further curate search results.
