Public
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Leader

Can you automatically apply a role to a member

I would like the employee role to be assigned to anyone with our domain in their email address.

Has anyone successfully automated the application of a role based on email or any other criteria?

 

7 Replies 7
Director

@mhock - Yes, you can do some customisation here:

Below is the reference code:

 

 <#if !user.anonymous>
    <#assign userEmail = rest("/users/id/${user.id}/").user  />
  </#if>
  <#list userEmail as getEmail>
      <#assign spiltEmail = getEmail.email?split("@") />
      <#assign getSplittedEmail = spiltEmail[1]?split(".") />
      <#assign SplittedEmail = getSplittedEmail[0] />
  </#list>
    <#assign getUserRole = restadmin("/users/id/${user.id}/roles").roles.role  />
    <#assign rolesA = [] />
   <#list getUserRole as role >
      <#assign rolesA = rolesA + [role.name?js_string] />
   </#list>


 

With the above code, you will get user email and user role, after that use the following query and check if user email contains a particular domain or not.

<#assign addRole = restadmin("/roles/name/[roleName]/users/add?role.user=id/${userID}") />

Please let me know if you have any questions.

Thanks!

Payal Uppal
Khoros Alumni (Retired)

As an additional layer of security you would want to assign the role only, if the corporate email in the community profile has also been verified. So only if the following value is true:

<#assign email_verification = rest("/users/self/settings/name/user.email_verified").value />

Otherwise an unverified bogus email ending with the corporate domain could grant malintended visitors access to the staff role.


Khoros Best Practice until August 2019. Onwards posting as Claudius.
Learn how to master Khoros. Learn Best Practice in the Community Documentation
If you appreciate my efforts, please give me a kudo ↓
Accept as solution to help others find it faster.

The above are good solutions.

We do something similar, but because we use SSO we obtain a user profile value representing our Enterprise ID (EID) for each user and then have a bit of an expanded customization to apply/remove various roles via an EID-role mapping list we access within the Admin Console. Fundamentally it is similar to the above code, with some additional customizations to allow us to define additional EIDs-role mappings and remove roles based on EID as well.

Since we know the EID of our internal users, we can apply this role to our employees based on that EID.

We also use this same EID-role mapping to grant access to various customers to beta content and discussions, and other private section by their account EID.

Maybe more complicated an approach than what you need, but it might be useful to think about if you have broader use cases for roles than employees vs everyone else.

We've generally done it via an SSO implementation, which is a bit more of an undertaking, but you can do a lot with it.


Becky Scott

JumpCloud Sr Manager, Technical Community

@Payal @sdodds @lolagoetz @ClaudiusH 

Thank you ALL so much for chiming in.  We have SSO and are a private Community so I will be using this post to see what our development team can produce.

Thanks again and HAPPY Friday!

Melissa

That's awesome, Melissa. There's some config on the Khoros side, too, so
it'll require an engagement with them to get it activated / set up. You
should know that as you're planning.

Becky Scott

JumpCloud Sr Manager, Technical Community

@mhock - Did you ever implement this?  Thanks!  

Welcome to the Technology board!

Curious about our platform? Looking to connect on social technology? You've come to the right place!

Are you a Khoros customer? For direct assistance from our Support team, please visit the Support Forum.