Mason Ambery
67 posts
Registered:
19 Nov 2021
26 Mar
Link to this post
In our current setup, we allow our customers to manage their own security roles and create new users. Each of our customers was assigned a Site Admin security role that allows for the creation of new users as well as enabling or disabling access to the Sitefinity Portal. All of the authorization is currently done through Sitefinity as these Portal Users and Roles are created in Microsoft Dynamics first and then synced through TPC. We were wanting to use the Sitefinity security module and extend it to an Aha! portal rather than requesting our customers create and manage an additional user within Aha!. From best we can tell, Sitefinity recommends that we point both Sitefinity and Aha! to an external Identify Server. Our assumption is that by doing this, we will add all of the existing users, we do use email address as the login, and each of the existing user will establish a new password. Sitefinity and Aha! would then both point to new login pages that after authorization would redirect back to the application with the necessary response for access to the site.
My primary concern is, will I lose the ability for the members to create new users and administer their security by doing this? I could always create a default security role and assign it to newly created users and then the the Site Admin would add additional roles but I'm not sure how the Portal User would get created within CRM/Sitefinity and then synchronized across the two systems. It's worth notating that we do not allow registration from the site as access is limited to our customers which is why Users and Securitys are only created/assigned from within the Portal. I'm using workflow in CRM to do this when Contact Records are created based on a custom field within the Contact and to assign new already defined Portal Roles to exiting Portal Users.
The original request was to allow a user logged into the Sitefinity Portal to be able to click on a link that would launch the Aha! Portal and not require them to login in again. We did just recently sign a deal with Okta which is the Identity service that we would use.