Can you automatically apply a role to a member

mhock · ‎07-30-2019

I would like the employee role to be assigned to anyone with our domain in their email address.

Has anyone successfully automated the application of a role based on email or any other criteria?

Payal · ‎07-30-2019

@mhock - Yes, you can do some customisation here:

Below is the reference code:

 <#if !user.anonymous>
    <#assign userEmail = rest("/users/id/${user.id}/").user  />
  </#if>
  <#list userEmail as getEmail>
      <#assign spiltEmail = getEmail.email?split("@") />
      <#assign getSplittedEmail = spiltEmail[1]?split(".") />
      <#assign SplittedEmail = getSplittedEmail[0] />
  </#list>
    <#assign getUserRole = restadmin("/users/id/${user.id}/roles").roles.role  />
    <#assign rolesA = [] />
   <#list getUserRole as role >
      <#assign rolesA = rolesA + [role.name?js_string] />
   </#list>

With the above code, you will get user email and user role, after that use the following query and check if user email contains a particular domain or not.

<#assign addRole = restadmin("/roles/name/[roleName]/users/add?role.user=id/${userID}") />

Please let me know if you have any questions.

Thanks!

Payal Uppal

ClaudiusH · ‎07-30-2019

As an additional layer of security you would want to assign the role only, if the corporate email in the community profile has also been verified. So only if the following value is true:

<#assign email_verification = rest("/users/self/settings/name/user.email_verified").value />

Otherwise an unverified bogus email ending with the corporate domain could grant malintended visitors access to the staff role.

Khoros Best Practice until August 2019. Onwards posting as Claudius.
Learn how to master Khoros. Learn Best Practice in the Community Documentation

If you appreciate my efforts, please give me a kudo ↓
Accept as solution to help others find it faster.

sdodds · ‎07-31-2019

The above are good solutions.

We do something similar, but because we use SSO we obtain a user profile value representing our Enterprise ID (EID) for each user and then have a bit of an expanded customization to apply/remove various roles via an EID-role mapping list we access within the Admin Console. Fundamentally it is similar to the above code, with some additional customizations to allow us to define additional EIDs-role mappings and remove roles based on EID as well.

Since we know the EID of our internal users, we can apply this role to our employees based on that EID.

We also use this same EID-role mapping to grant access to various customers to beta content and discussions, and other private section by their account EID.

Maybe more complicated an approach than what you need, but it might be useful to think about if you have broader use cases for roles than employees vs everyone else.

lolagoetz · ‎07-31-2019

We've generally done it via an SSO implementation, which is a bit more of an undertaking, but you can do a lot with it.

Becky Scott

JumpCloud Sr Manager, Technical Community

mhock · ‎08-02-2019

@Payal @sdodds @lolagoetz @ClaudiusH

Thank you ALL so much for chiming in. We have SSO and are a private Community so I will be using this post to see what our development team can produce.

Thanks again and HAPPY Friday!

Melissa

lolagoetz · ‎08-02-2019

That's awesome, Melissa. There's some config on the Khoros side, too, so
it'll require an engagement with them to get it activated / set up. You
should know that as you're planning.

Becky Scott

JumpCloud Sr Manager, Technical Community

dave-coleman · ‎05-02-2022

@mhock - Did you ever implement this? Thanks!

Can you automatically apply a role to a member

Is It Possible for a User to Turn Off Rank Notific...

How do you highlight member content on the homepag...

Embed Videos on Main Community Page

What is lia?