1. Home
  2. Documents
  3. For Developers
  4. Adding Users & Login
Book: For Developers
Last Updated: 08/28/2024 - 12:07

Adding Users & Login

The Web Theme allows for the addition of new content editors and administrators and the ability to assign them a role and have different permissions assigned to each role. 

  • Sites requested via ServiceNow will be setup with CAS which will negate the need for individual site credentials. To reach a site's login page, go to mysitename.pantheonsite.io/cas

  • Multi-Factor Authentication (i.e. DUO) is also available for eligible sites. Skip to learn about DUO information.

 

login page example

 

To add a new user to the website:

  1. Go to Admin > People > Add CAS User
  2. Enter the UCSB NetID in the 'username' field 
  3. Enter the email domain (ucsb.edu)
  4. Select appropriate Role (Administrator or Content Editor must be selected)
  5. Save by selecting 'Create New Account' button
icon for information

If you're site's login page does not look like the example at the top of this page, please go to Admin > Extend > UCSB Login page > Install to activate the new login page.

 

Setting up CAS Authentication

The CAS module allows users on your site to authenticate using your institution's Central Authentication Service (CAS) server. These users will not use Drupal's standard login form, but they will have Drupal user accounts associated with them.

We strongly recommend using CAS authentication on all UCSB Web Theme sites. The instructions below explains how to convert Drupal’s default login to CAS authentication. Newly-created sites (as of March 2022) will already be configured with CAS.

 

Instructions

  1. Enable CAS module (Extend > CAS > Enable)

  2. Configure the module (Configuration > People > CAS)

 

CAS setting screen sample

 

 

3. List active users who will use CAS authentication and edit them one by one

  • Users cannot authenticate with CAS by default. This is by design and is a security feature.
  • To allow existing users to log in via CAS, edit their user account and check the box "Allow user to log in via CAS". You'll then be asked to provide the CAS username for this user. In many cases, this CAS username is the same as their Drupal username, but having this field separate allows for some flexibility.

4. Check “Allow user to log in via CAS”

5. Update Email Address (NetID@ucsb.edu), CAS Username (NetID), Username (NetID: technically you can have different username, but it’s cleaner to have just one), and Save.

The UCSB NetID is visible on UCSB People Directory via VPN.

search result for finding a netID example

6. Notify the user to use CAS login. Options for the login url are as follows: 

  • /cas

  • /caslogin

  • /user (then click on 'CAS Login' link)

Multi Factor Authentication

MFA is an extra layer of protection for your site's pages that is built on top of CAS. If the site hosts P3 or P4 data, Multi-factor Authentication (MFA) is strongly recommended. Once CAS is enabled, open a ServiceNow ticket to enable MFA for the site.

Not sure if your site has P3 or P4 data? Review UCSC’s protection levels with data examples.

 

Resources

Drupal.org page on how to setup CAS authentication

ServiceNow link to request MFA for your site

 

For help with initial site access, please contact webtheme@brand.ucsb.edu