Drop Shadow

Group management

If you want to allow only a specific group, use $sso->allowGroup() between the “require_once” and the “authenticate”. For example, to allow only students, use:

<? require_once('/web/includes/sso_portal.phpi'); $sso->allowGroup('student'); $sso->authenticate(); ?>

The available groups are:

  • administrator
  • faculty
  • staff
  • student

You can use allowGroup() multiple times to allow more than one group, or you can provide an array to allowGroup(). There is also a special group, ‘employee’, which matches any administrator, staff employee, or faculty member. This special group can’t be used in an array.

Denying groups

If you want to allow everyone except a specific group, use $sso->denyGroup() instead. It works the same as allowGroup(), but will deny anyone in that group (or those groups).

Denying individual visitors

If there is a short list of USD community members who should not have access to this page, you can deny access using $sso->deny(). It works the same as $sso->allow(). $sso->deny() takes precedence over all other allows and denies.

Order of allows and denies

Groups are allowed first, then denied. Users are allowed after any groups, and then denied. What this means is that you can use the following list to check the order:

  1. Group allow
  2. Group deny
  3. User allow
  4. User deny

The last item which matches is the one that counts. Thus, you can allow a group, and then allow users not in that group; or you can deny a group, and then selectively allow members who may or may not be in that group. And you can allow a group, and then deny users in that group. You can also allow a group, and also allow people not in that group.

By default, everyone is allowed. The presence of a group allow or a user allow makes everyone disallowed by default.

The order that you allowGroup(), denyGroup(), allow(), and deny() does not matter.

Custom groups

Add custom groups using a group file. The format of the group file is:

#comment about this group groupname: account1 account2 account3 account4 etc

This is the same format as .htaccess group files.

Specify the group file using $sso->groupFile('/path/to/file'). Do not put the group file in your public Sites directory! Put it outside of your Sites directory (such as in your Documents directory or a special “web” directory that you create in your account’s home directory).

All group members

If you want a list of all members of a custom group, you can use $sso->members('group'). You can use this to get a list of accounts suitable for sending to the e-mail plug-in, for example. This only works for custom groups.