Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 26 Mar 2014, 15:04
italynstylion italynstylion is offline
 
Join Date: May 2010
User Access Lifecycle Management: Access based on employment?

Weird thread title I know....sorry for being vague

Basically, what I'm trying to do is make a vBulletin site where employees from two companies have access to register for the forum. Essentially, the forum will have somewhat confidential information inside of it and I want to limit access based on current employment by either of the two companies. This way, in the event someone leaves the company or gets fired they will no longer have access to the forum. I'll have access to two different employee databases (one per company) and I'm envisioning some sort of vBulletin utility that checks these databases for a user. If they exist then they get in.

Any tips or ideas for how to do this?
Reply With Quote
  #2  
Old 26 Mar 2014, 22:28
Elixar's Avatar
Elixar Elixar is offline
 
Join Date: Jan 2014
I would say that you would need a modification created for this. Try posting a request here.
Reply With Quote
  #3  
Old 03 Apr 2014, 18:06
italynstylion italynstylion is offline
 
Join Date: May 2010
I've crafted a solution for this (described below) that seems to work quite well. More testing is needed but preliminary testing yields the desired results.

Here's how you you set it up.

(Step 1)
Setup your forum so that only registered users can view it.

(Step 2)
Configure "user registration options" such that new users who register will receive an email with a registration confirmation link that they MUST click to activate their account. This ensures that bogus emails can't be used.

(Step 3)
ForumsMods designed a vbulletin mod that allows only certain email address domains to be used for registration. For example, @GMAIL.com would allow all Gmail addresses to be used. But if I didn't explicitly state @HOTMAIL.com then all users trying to use a hotmail account (or anything else) would be denied registration. I've personally installed this mod on VB 4.2.2 and it works like a charm! So the first step to achieving role based access (based on employment status) would be to use this mod to define email domains for your company or companies. This assumes that your company already has a means for deactivating past employee email accounts.
(mod link)--> http://www.vbulletin.org/forum/showthread.php?t=188418

(Step 4)
Dragonbyte Tech has blessed us all with a great security mod for vbulletin that increases security in many different ways. The features list is quite long but the main feature we are interested in is the "universal password reset" function. This allows an administrator to reset everyone's password except yours (the admin). This feature is actually available in the Lite version. Install the mod so you can gain this very important feature.
(mod link)--> http://www.dragonbyte-tech.com/product/123-vbsecurity/?

(Step 5)
Now that you have the VB Security mod installed go to your admin panel under Dragonbyte VB Security and change the options for "Security Watchers: User Data". This configuration gives you the ability to have the mod log changes to user profile fields and perform certain actions should a criteria be met.
Setup a rule that states if a user changes their email address the forum will automatically send the admin an email and the user will be banned. Since email addresses don't change while an employee is employed this will alert you to someone trying to retain access following employment termination.

(Step 6)
Set a calendar reminder to reset all passwords after a specified time. I'm choosing every 90 days as that will likely be sufficient for my needs. When the password is reset all users will get an email stating their password was reset. This email will include their user name and a temporary, randomly generated password. The email even includes a direct link for them to reset the password. I'm choosing to let my users use their old password so I don't piss them off
What's important here is that if the user no longer has access to the email address associated with their account they will NOT be able to reset their password and therefore will not have access to the forum.



And that's it! Now you have a way of ensuring your entire forum is locked down to ONLY users who have company email access. Enjoy!

Last edited by italynstylion; 03 Apr 2014 at 18:19.
Reply With Quote
Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Forum Home Enhancements Access Forum Based On Value in User Profile Field fci vBulletin 3.6 Add-ons 35 27 Apr 2010 15:28



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 21:00.

Layout Options | Width: Wide Color: