As 2013 finally draws to a close, we have one more release to announce: VitalSite 6.7.6. This release contains a few new features related to secure content (CMS pages and secure files), and a number of fixes and updates requested by clients (full details are provided to clients in GeoCentral). The new features will be of interest to clients using VitalSite to host content for authenticated users on hospital intranets, board extranets and secure sections of their public websites.
A Fresh Perspective on Secure Content for Hospital Websites
You have 1,000 pages on your hospital website that you want to be restricted to public visitors, but you want authenticated users to see them. What’s the best way to accomplish this?
Well, there are a number of approaches you could take. Prior to VitalSite 6.7.6, I’d recommend that you set the Global Permission of the page to “Privileged” and then add view permissions to specific Groups or Users, as illustrated below.
In the above example, the permissions are set so that the only users who can view the page are authenticated administrators belonging to the Marketing group and the System Administrator user (who can not only see the page, but can edit it as well).
This approach works well, as it gives administrators precise control over who can see what content.
But sometimes you don’t need that level of precision. Sometimes you just want to make sure your content is protected from public scrutiny while remaining accessible to users you trust (authenticated users). An easy way to achieve this is to use the new “Requires Authentication” Global Permission introduced in VitalSite 6.7.6.
The use of the “Requires Authentication” Global Permission means that the page is visible to any authenticated user (anyone who signs in to the system, from administrators to portal visitors). What’s nice about this is that you can use this permission in conjunction with other content restricted at a more granular level via specific Group and User permissions.
Say, for example, you maintain a public website that hosts an intranet and board extranet. In this scenario, the public website would use the “Public” Global Permission. All your intranet content would use “Requires Authentication,” and the board extranet could be restricted as “Privileged” so that the only users permitted to see it are those belonging to a Board of Trustees group (for example).
More Options for Secure Files
The secure content enhancements don’t end with CMS pages. We’ve also extended the Global Permissions for secure files to include a “Requires Authentication” option. This functions similarly to the permissions on CMS Pages: when “Requires Authentication” is used on a secure file, any authenticated user will be able to view the secure file.
It is worth noting that as was the case with previous versions of VitalSite, secure files are never publicly visible. The new feature simply adds a bit more flexibility to how you provision access to authenticated users.
Who Can Use
The new “Requires Authentication” Global Permission is currently available only to clients who use either the Active Directory integration or the Consumer Portal.
In fact, if you have been using the Geonetric Consumer Portal, you may recognize a similarity between the previous “Portal” permission, and the new “Requires Authentication” permission. For you, this enhancement will at first seem like little more than a label change. While that is true for now, the work we’ve done behind the scenes sets the stage for more significant changes to come in future releases. Stay tuned!
If you’re interested in learning more about how you can put the new secure content features to use on your hospital website, intranet, portal or board extranet, contact us today.