Building a secure client area (Brizy Cloud)
Hello, I'd like to have a client login for my clients. Forgive me, but I will explain in very simple details to avoid confusion.
This is how I want it to work:
1/ I give a client a username and password
2/ They use that to login on my site
3/ They are taken to their own page.
But this seems impossible, so at the moment I have been hacking things together.
Let me explain the four ways I've been looking at:
NUMBER ONE
First I ask a client (call them Client Three) to register/sign up on a form on my site.
They do, and I go into the CMS > Assets > Users > All Users - I then select the newly created user and set their roles to, say Client Three
Having created a "Client Area" page. I limit the visibility of the blocks to the User Role. In this case only one block will have been assigned the role of Client Three. The rest Client One, Client Two, etc.
Then once they sign in and go to that page they can see the content that I want only them to see.
This has issues: all the content for all clients has to be designed on a single page. And the client user experience is, shall we say, awkward.
NUMBER TWO
I create a client page for each client. Again, let's take Client Three.
This page I publish as Protected. I assign it a password and give Client Three the URL for their page and the password.
I make sure that this is not in any menu and that it cannot be crawled.
But there is no way for then to log in from my site (I don't want Client Three to see a list of other clients).
NUMBER THREE
This has failed me so far - but without reason.
In the CMS > Assets > Users > All Users
I create a User: Client Three again.
An email is sent to Client Three: the email that it sent automatically tells Client Three, here is the URL of MY site, this is the email (for login).
AND for some reason it tells Client Three and I quote "Password: the password chosen when setting up the account".
They didn't set up the account and never entered a password. And I don't have the ability to assign one. So where do they get the password? Only by registering - but which the email tells Client Three:
You are receiving this message because you recently signed up for an account on our website. You can login using the following:
Which obviously didn't happen. I don't seem to have access to passwords for my sites Users, or do I? Is there a way for me to get hold of the password that has been used, I can't see that anywhere?
Anyway, as you can see, this makes the UX bad.
NUMBER FOUR
I notice that the User pages look like they can be edited.
On the CMS page will All Users selected there is a name list of Users. Each line has an Orange dots that stats "Invited" when rolled over (this never changes, even once they have signed up). Then along a little to the right is Actions (Edit or Trash). If I try to Edit these pages and then Update - it fails.
I get two popup warnings:
1/ One at the top in red that tells me: Could not publish or save page
2/ And one centrally that says: This page needs a refresh. You’ve probably updated this page (or another page) in a different tab or browser.
What are these User Pages meant to be for, if they can't be edited?
So that's what I have tried. Can you help me create what I want - which is for a client, say Client Three to sign in from my homepage (without seeing a list of other clients) and be given access to their own page?
Here's hoping :)
PS I have been through video tutorials 26, 27, 28 and the page o called: Users, Roles & Membership Functionality without success.
-
Hi
Let me suggest an approach which is a combination of Number One and Number Two approaches mentioned above. Please let us know if this approach would work for you.
- You create a client page for each client.
- Ask each client to register/sign up on a form on your site.
- They do, and you go into the CMS > Assets > Users > All Users - You select the newly created user and set their roles (Eg: Client Three)
- In the Login page just below the page header, add a personalized block for each user. In the Personalized block, you can say something like "Hi Username, access your private page here" and provide a hyperlink to their respective page. Set Membership for the personalized block so that each user will see only their respective link. For 10 users, you will have 10 personalized blocks in the Login page.
- If you like, you can also make each client page password protected and mention the password in the personalized block.
0 -
Thank you for getting back to me so quickly KC.
I understand.
You are right in thinking that I don't want the client pages visitable by anyone with a link.
Is there a way I can view the PW that "Client Three" registered with so I could make that the same as the protected page? This would make the UX a bit cleaner you see.
PS Why can't I edit User Pages and why do they always show that they have been invited?
0 -
Hi
The user passwords cannot currently be viewed or edited.
Instead of making the client pages password protected, you could also consider this option. Set Membership for every block on the client pages, and restrict access to the information to each specific client. In this approach, one client won't have access to content specific to another client, even if they have a link to that client's page. This approach also helps to get rid of the additional password for the client page.
User Management pages are designed the same way the Pages, Posts and other custom assets are designed. However many features in the User Management pages are not relevant for user management. I agree that this is a bad user interface design. Please ignore all features that are not relevant to user management.
0 -
Hello KC, good lateral thinking 👍
As for the User Management pages - I spent quite a while trying to figure what I was doing wrong. It might be worth updating to prevent others from wasting time/realising that Brizy Cloud isn't fully thought through :)
Thanks again.
0
Please sign in to leave a comment.
Comments
4 comments