1. Web Theme User Guide
  2. Documents
  3. Adding Users & Login
Book: For Developers
Last Updated: 05/01/2023 - 11:54

Adding Users & Login

The Web Theme allows for the addition of new content editors and administrators and the ability to assign them a role and have different permissions assigned to each role. 

  • We recommend setting up CAS (single sign on integration), which is included in every site.

  • New sites requested via ServiceNow will be setup with CAS (along with a logo lockup and other goodies)

  • Multi-Factor Authentication (i.e. DUO) is also available for eligible sites. Skip to DUO information.

 

icon for information

In May 2022, we enhanced the login page for a better user experience. If you're site's login page does not look like the below example, please go to Admin > Extend > UCSB Login page > Install to activate the new login page.

 

A quick way to determine whether your site has CAS/SSO setup is checking the login page for a link.

login page example

 

If you're site has the SSO login link and you would like to add a new user to the website:

  1. Go to Admin > People > Add CAS User
  2. Enter the UCSB NetID in the 'username' field 
  3. Select appropriate Role (Administrator or Content Editor must be selected)
  4. 'Create New Account' button

CAS Authentication

The CAS module allows users on your site to authenticate using your institution's Central Authentication Service (CAS) server. These users will not use Drupal's standard login form, but they will have Drupal user accounts associated with them.

We strongly recommend using CAS authentication on all UCSB Web Theme sites. The instructions below explains how to convert Drupal’s default login to CAS authentication. Newly-created sites (as of March 2022) will already be configured with CAS.

 

Instructions

  1. Enable CAS module (Extend > CAS > Enable)

  2. Configure the module (Configuration > People > CAS)

 

CAS setting screen sample

 

 

3. List active users who will use CAS authentication and edit them one by one

  • Users cannot authenticate with CAS by default. This is by design and is a security feature.
  • To allow existing users to log in via CAS, edit their user account and check the box "Allow user to log in via CAS". You'll then be asked to provide the CAS username for this user. In many cases, this CAS username is the same as their Drupal username, but having this field separate allows for some flexibility.

4. Check “Allow user to log in via CAS”

5. Update Email Address (NetID@ucsb.edu), CAS Username (NetID), Username (NetID: technically you can have different username, but it’s cleaner to have just one), and Save.

The UCSB NetID is visible on UCSB People Directory via VPN.

search result for finding a netID example

6. Notify the user to use CAS login. Options for the login url are as follows: 

  • /cas

  • /caslogin

  • /user (then click on 'CAS Login' link)

Multi Factor Authentication

MFA is an extra layer of protection for your site's pages that is built on top of CAS. If the site hosts P3 or P4 data, Multi-factor Authentication (MFA) is strongly recommended. Once CAS is enabled, open a ServiceNow ticket to enable MFA for the site.

Not sure if your site has P3 or P4 data? Review UCSC’s protection levels with data examples.

 

Resources

Drupal.org page on how to setup CAS authentication

ServiceNow link to request MFA for your site

 

For help with initial site access, please contact webtheme@brand.ucsb.edu