Aurora: Ban members from the community
Each member plays a crucial role in the community's growth and is responsible to behave appropriately to create a positive space where other members feel welcome, safe, and engaged. But in some cases, members act maliciously, violate the community guidelines, or are abusive in nature. To avoid such malicious behaviors in the community, Moderators and members with appropriate permissions can ban these members and prevent them from accessing the community. Before banning a member, consider their member history, not just a single action or post. You can temporarily or permanently ban members based on the impact caused. You can ban members using their profile information (username, user ID, and email address) and IP addresses. Use IP address bans as a last resort. IP addresses tend to be dynamic and if a banned member restarts their router, they can get out of the ban and another member may receive the ban. In the community, you can ban members in several ways: Create ban rule from the Manage Users dashboard Ban members from the Content Management dashboard Ban members from the members’ profile page Ban members from the content page Create Ban rule from the Manage Users dashboard Using a ban rule, you can ban single or multiple members from the community. From the Manage Users dashboard, you can create and view the list of ban rules in the community as shown below: To create a ban rule: Sign in to the community as an Admin or Moderator. Open the Account menu and go to Manage > Users. The Banned tab on the Manage Users page is displayed. Click Create Ban Rule. Specify any of the following fields: Username: Enter a member’s username. The entry can include * and ? wildcard characters to ban all members whose usernames match all or part of the username. Example 1: If you enter the username as “Jess*,” any member whose username begins with “Jess” followed by any character will be banned. Example 2: If you enter the username as “Je?s,” the "? " replaces only the single character. The usernames like "Jess," "Jeos," and other matching usernames will be banned. User ID: Enter member’s unique User ID. Email Address: Enter member’s email address. The entry can include * and ? wildcard characters to ban members whose email addresses match all or part of the email address. Example 1: Entering “*@test.com” bans members whose email address begins with any character followed by test.com. Example 2: Entering “Je?s@test.com” bans members with email addresses like “Jess@test.com,” “Jeos@test.com,” and other matching email addresses. IP Address: Enter member’s IP address. Note that other members who use the same IP address will also be banned. Match any of the above criteria: Select this checkbox to ban a member who meets any of the criteria listed above. Otherwise, the ban is in effect only if all criteria are met. In the Ban Actions drop-down menu, select the ban Duration. The duration can be temporary or permanent as required. To set a custom duration, select Custom from the drop-down menu and set the duration. (Optional) In Ban Reasons, specify the following reasons for the ban: Internal reason for ban: Only Admins and Moderators can see this reason. They can see this reason when they edit the ban rule. Public reason for ban: Enter the reason that the banned member can see when they fail to sign in to the community. Click Ban. The impacted members are banned and signed out from the community. Ban members from the Content Management dashboard On the Content Management dashboard, you can ban members from the Spam, Abuse, and Moderation tabs using the Options menu > Ban Member. Note that you can only ban one member at a time from the Content Management dashboard. Let’s say you saw malicious content on the Abuse tab and you want to ban the member who created the content. To ban the member: Sign in to your community as an Admin or Moderator. Open the Account menu and go to Manage > Moderation. Go to the Moderation tab where you can view the list of content reported as abuse. To ban a member, open the Options menu and click Ban Member. The Ban Member window opens where the member details are auto-populated: Add information to the fields and click Ban. The Member is banned and signed out from the community. Similarly, you can ban members from the Spam and Moderation tabs. Ban members from the member profile page To ban a member from the member’s profile page: Sign in to the community as an Admin. Go to the member’s profile page by clicking the member account you want to ban on the community. Open the Options menu and click Ban Member. The Ban Member window opens where the member details are auto-populated. Specify the fields and click Ban. The Member is banned and signed out from the community. To modify ban, open the Options menu and click Edit Ban. Ban members from the content page From the content page (forum discussions, blog posts, ideas, and knowledge base articles), you can ban the member who created the content as well as members who posted replies/comments to the content. To ban an author, go to the respective post, open the Options menu, and click Ban member. To ban a member from comments or replies section, go to the comment or reply posted by the member, open the Options menu, and click Ban Member.About Aurora OIDC/OAuth2.0 SSO
OpenID Connect (OIDC) is an SSO implementation based on OAuth2. Refer to the official OpenID Connect specs for more information. OIDC Quick Start Common OpenID Connect terms: OP = OpenID Provider, also known as the Identity Provider (IDP) RP = Relying Party, also known as the Service Provider (SP) OpenID Connect typically follows this workflow: User requests to sign in. User is redirected to OP’s sign-in URL, and OP redirects the user to the RP with an authorization code sent as a query parameter value. RP sends a back-channel request to the OP’s token API with the OP-provided authorization code to retrieve the ID and Access Tokens. The ID Token is retrieved from the token response and is parsed as a JSON Web Token (JWT). The JWT is validated and decoded. (JWT validation should follow the signature specified in the OpenID Connect specifications.) The JSON payload is retrieved from the JWT and is parsed for claims to be set to the user’s community profile. If a user profile endpoint is configured, an additional call is made to the endpoint passing the access token using Bearer Authorization. (OIDC feature supports both GET and POST requests to the user profile endpoint. This is configured within the Provider settings.) Claims returned from the user profile endpoint are parsed and set to the user’s community profile based on configured Claim Mappings. Community checks to see if the user already exists with the specified SSO ID; if so, the user signs in to an existing account; if not, a new account must be created. User resumes browsing Khoros Community in signed-in state. OAuth 2.0 typically follows this flow: User clicks the sign-in/registration link or takes an action that requires sign-in. User is redirected to a Khoros endpoint that builds the IDP/OP's sign-in URL based on configured attributes and the user state (that is, the page they were on when they initiated sign-in), and then redirects the user to the built sign-in URL. User signs in or registers. If the app is not on the allow list, the user will be prompted to give access to the Aurora Community app. The user is redirected to a callback URL on Community and an authorization code is included in the request as a query parameter. Community reads the authorization code. Community makes a back-channel API call to the OAuth provider to exchange the authorization code for ID and access tokens. The ID Token is retrieved from the token response and is parsed as a JSON Web Token (JWT). Optionally, the access token is then passed using Bearer Authorization in a subsequent API call to obtain additional user attributes such as SSO ID, e-mail address, display name, etc. Community checks to see if the user already exists with the specified SSO ID; if so, the user signs in to an existing account; if not, a new account must be created. User resumes browsing Khoros Community in signed-in state. Enable OIDC/OAuth 2.0 SSO for the Aurora Community Before you begin setting up OpenID Connect SSO for Community, you must gather this information: Client ID Client Secret Authorization Endpoint URL Token Endpoint URL (OIDC only) Expected “Issuer” for JWT validation (OIDC only) JWKS URI pointing to sign-in keys Claims mapping to map the minimum Community profile attributes to claims returned by the Token Endpoint URL and/or User Info URL. The required attributes that must be mapped are: SSO ID Login Name Email Address Note: When adding Claim Mapping during Provider Creation, the keys for the above values are “ssoid,” “login,” and “email,” respectively. After you have gathered the information listed above, you must create a Provider within the Community. Note: For a detailed description of all the OIDC/OAuth 2.0-related provider settings, review Aurora OpenID Connect/OAuth 2.0 setting descriptions. To create a Provider: Go to Settings > System > Account > OIDC/OAuth Providers > Add Provider. For each tab, enter this information: Name: Used to more easily distinguish a given provider in the UI. ID: Used in the Community sign-in URL, sign-out URL, and callback URL to distinguish between each provider configuration. Check out the examples below to see how these URLs are constructed. Client ID: Determined by the app created in your OP. Client Secret: Determined by the app created in your OP. Authorization: Enter authorization URL, Response Type, and Scope. Token: Token endpoint URL, expected Issuer, and JWKS URI. In addition, claim mapping must be added either here. The required profile attributes mentioned above must be mapped to an associated claim for SSO to function properly. For example, if the “sub” claim will be used for SSO ID, beside Claim mapping (ssoid required), click Add Parameter. Then enter “ssoid” into the Key field, and “sub” into the Value field. User Info: Fill in if any claim mappings come from a user info endpoint. Insert the user info URL and add any claim mapping. Click Create. When creating the app in the OP, you might be asked to specify a callback URL. The callback endpoint uses this format: https://<communityhost>/t5/s/auth/oauth2callback/providerid/<providerid> For example, if a Community at https://community.acme.com was configured with Provider ID “acme,” the URL would be: https://community.acme.com/t5/s/auth/oauth2callback/providerid/acme Note: If your Aurora community is configured for Reverse Proxy with Subdirectory, your endpoint paths are pushed up into the reverse proxy path similar to other URLs in your community. Enable SSO When you have finished your OAuth or OIDC configuration and you are ready to test, in the Single Sign On (SSO) section, turn on Use Khoros single sign-on (SSO). For more information, see Configure SSO settings for the community. Related topics: Aurora OpenID Connect/OAuth2.0 setting descriptionsAbout Following in Aurora
Following places, content, groups, comments, replies, and tags enables you to receive updates regarding those areas or features. For more information about how these types of follows function, review the sections below. Note: If you are the author of a particular discussion, blog post, article, idea, or event, you will automatically receive updates for that content. Additionally, if you comment on a particular piece of content, you will automatically receive updates for that content. When you receive a notification, a dot appears over the Notifications bell icon in the header anywhere in the community. Click this icon to see a list of your notifications. See About Notifications. You can also choose to receive email notifications. See About Email Notifications. Follow Places and Content Follow Boards and Content To follow a board (forum, knowledge base, blog, ideas, or events) or a specific discussion, blog post, article, idea, or event, go to that page and click Follow (bell icon) at the top right of your screen. A confirmation message is displayed. Follow a Category Go to the category you want to follow and click Follow (bell icon). On the Follow window, select one of the following: All Boards in this Category These Boards in this Category If you selected These Boards in this Category, you can select specific boards to follow. Note: If you selected All Boards in this Category, you are subscribed to any boards that are added to the category later. Click Follow. A confirmation message is displayed. Follow a Group To follow a group, go to that page and click Follow (bell icon) at the top right of your screen. A confirmation message is displayed. Follow a Comment or Reply To follow a comment or reply on an article, open the Options menu and then click Follow Comment or Follow Reply, respectively. A confirmation message is displayed. Follow a Tag Following tags enables you to follow specific keywords around the community or a particular board. Any time a piece of content is tagged with a tag you follow, you receive a notification. For example, maybe you want to follow all content tagged with “concerts.” Any time someone creates content and tags it with the “concerts” tag, based on your settings, you receive a notification regarding this content in the community or board. You can follow tags at both the community level and at lower levels based on the scope of the tag page you’re on. To follow a tag: On a piece of content with a tag you want to follow, click the tag. On that tag’s page, click Follow (bell icon). Note: Use the breadcrumbs to scope to the desired area by clicking its linked name before you click Follow. On the Follow window, select between Follow in this Board and Follow across the Community. Click Follow. A confirmation message is displayed. Unfollowing After you’ve chosen to follow boards, content, or categories, you can manage the items you follow in a number of ways: Manage Follow and Notification preferences for your account Unfollow Places and Content Unfollow a Comment or Reply Unfollow a Tag Unfollow Places and Content On the page for any category, group, board, or piece of content, click Unfollow (the icon is now a bell with a checkmark on it to indicate that you’re already following that place or content). For categories, you must either select to Unfollow the entire category or deselect checkboxes below These Boards in this Category to unfollow specific boards in that category. For groups, boards, and content, you do not need to perform additional actions to unfollow. In both cases, a confirmation message is displayed. Unfollow a Comment or Reply To unfollow a comment or reply on an article, open the Options menu and then click Unfollow Comment or Unfollow Reply, respectively. A confirmation message is displayed. Unfollow a Tag On the page for any tag you’re following, click Unfollow (the icon is a bell with a checkmark on it to indicate that you’re following that tag). If you want to unfollow the tag across the entire community, click the highest level link (e.g., “Tag: concerts”) after the community name in the breadcrumbs before unfollowing—otherwise, it will be scoped to a specific place. Once you’ve unfollowed, a confirmation message is displayed. Related topics: Manage Follow and Notification preferences for your account Configure Follow settings for the communityAurora: Configure SSO settings for the community
Before you can use SSO with your community, you need to configure settings and enable the option. Note: As soon as you turn on the Use Khoros single sign-on (SSO) option, all the settings in the Single Sign-On area become active in the community. To configure SSO settings and enable SSO: Go to System > Account & Privacy. Scroll down to the Single Sign-On (SSO) section. Manage the following options: Allow member to change their SSO email address: Enable members using SSO to change the email associated with their account. This should be enabled only if the email address is collected on the Community SSO Registration screen. Allow member to change their first name and last name: Enable SSO users to update their first and last names under My Preferences > Personal. Use auto sign-in for fallback SSO: When Khoros SSO token-based sign-in fails, auto sign-in is used instead. Enter the following SSO URLs: Registration page: Direct users to this URL when they register. Sign-in page: Direct members to this URL when they sign in. Sign-out page: Direct members to this URL when they sign out. Bounce URL: (Optional) URL where the first request of a session is redirected. Can help to enable seamless Community authentication or "Bounce SSO". Leave blank to disable. Enter the Return value parameter name. By default, the Aurora Community application appends a query string parameter named referer (spelled as shown) and a value corresponding to the URL of the page the member was browsing prior to being redirected to the login or registration page. If your authentication system is already configured to use a parameter like “referer,” you can change “referer” to the name of that parameter. Otherwise, leave the parameter name as “referer.” Turn on Use Khoros single sign-on (SSO) to make these settings active in the community. Note: This must be enabled in order for any configured SSO mechanisms to be fully functional, including when using the multi-auth Sign-in Display feature detailed in Multi-Auth SSO. URL formats SAML (REDIRECT BINDING) Sign-in URL: <Aurora url>/t5/s/<communityID>/auth/saml/doauth/redirect Sign-out URL: <Aurora url>/t5/s/<communityID>/auth/saml/dologout/redirect SAML (POST BINDING) Sign-in URL: <Aurora url>/t5/s/<communityID>/auth/saml/doauth/post Sign-out URL: <Aurora url>/t5/s/<communityID>/auth/saml/dologout/post OIDC SSO Sign-in URL: <Aurora url>/t5/s/<communityID>/v1/auth/oidcss/sso_login_redirect/provider/<providerID> Sign-out URL: <Aurora url>/t5/s/<communityID>/v1/auth/oidcss/sso_logout_redirect/provider/<providerID> Related topics: About Khoros Aurora Single Sign-On (SSO) Khoros Aurora SSO auto-sign in MultiAuth SSOAurora: Multi-Auth SSO
Communities require diverse authentication methods to accommodate varying member segments like employees, customers, etc. Admins can offer multiple sign-in options simultaneously, providing enhanced flexibility. These options include: Khoros SSO Up to three IDPs for SAML More than three IDPs for OIDC/OAuth2 (OIDC can be configured via admin only) To edit these settings, go to Settings > Systems > ACCOUNT > Sign-in. If Sign-In Display is not displayed, contact Khoros Support and request that the Multi-Auth feature be enabled. Edit the Sign-In Display option to configure the sign-in options you want to provide your members and how you want to display the sign-in options. Below is an example on the list of sign-in options you can configure. From here, you can: View all available sign-in options for your community. Add a welcome note that is displayed to users on the sign-in page. Turn on or off the sign-in options you prefer. Edit the labels of the sign-in buttons. Rearrange the order in which the sign-in options appear on sign-in pages. Choose to display the sign-in options as buttons for member sign-in. If you select the Display as sign-in button option, members see a sign-in button. If you de-select this option, members see a sign-in form instead. Enable SSO When you have finished your OAuth or OIDC configuration and you are ready to test, in the Single Sign On (SSO) section, turn on Use Khoros single sign-on (SSO). For more information, refer to Configure SSO settings for the community. Related topics: About Khoros Aurora Single Sign-On (SSO) Khoros Aurora SSO auto-sign in Configure SSO settings for the communityAurora Community static IP addresses
A variety of Aurora Community integrations may require allowlisting IP addresses associated with requests to external resources or services. Some example integrations include: API Event Subscriptions (webhooks) Certain types of SSO, like OAuth 2 or OpenID Connect Custom Freemarker components using the http.client context object Custom back-end integrations built by Professional Services If your Community-related security architecture includes IP based allowlists, the following values can be used: AMER production AMER stage 34.218.217.104 35.167.51.70 34.208.76.195 35.155.246.43 35.155.246.68 52.41.143.85 EMEA production EMEA stage 52.213.102.195 52.214.128.6 34.246.41.42 52.51.95.11 34.246.43.26 52.208.187.165 APAC production APAC stage 54.206.152.214 3.105.80.217 52.65.188.98 3.105.88.113 13.239.46.46 13.55.41.72 Note: The listed IP addresses are associated only with outbound requests from Community and are not valid for inbound requests to the Community. Community IPs used with inbound requests are variable and change over time. Do not use these IPs as an element of any DNS record. If you're unsure if your Community is hosted in the AMER, EMEA, or APAC region, contact Khoros Support.Aurora: Set date ranges and data comparison time frame for the Analytics Dashboard
Analytics users can: choose the time frame for which they want to view metrics for compare and analyze data with another time period Note: By default, dashboards display data for the entire community for the last 30 days. To set a specific date range or date: To view or compare data for specific date ranges Select the date range using the dashboard date-range menu. Select one of the following from the menu. By default, the date range is set to Last 30 days for all dashboards. Last 7 days: Data for the previous 7 days from the current date Last 30 days: Data for the previous 30 days from the current date Last month: Data for the first to last day of the previous calendar month Last 3 months: Data for the first to last day of the last 3 calendar months Month to date: Data for the first date of the current calendar month to current date Year to date: Data for the first date of the current year to current date Specific date: Data for any specific date Custom: Data for any range of dates. To select a specific date range, click Custom from the date picker. On the window, select the starting and ending days on the calendar. After you select the dates, click Set Date Range. The dashboard displays data for the date range selected. To set a comparison time frame: Use the Data Comparison Time Frame settings to gain insights into how your community has performed over time. Previous period: Compares the currently selected period in the dashboard settings to the previous matching period. For example, if the current period is Last 30 days, the comparison is to the previous 30 day period. Previous year: Compares the current selected period to the same period last year. For example, if the current period is Last 7 days, the dashboard displays comparison data for the matching dates last year. Note: All the trend graph widgets have the checkbox for Previous Period or Previous Year, depending on the dashboard settings. When you select the checkbox, the data for the comparison time frame is displayed. Here’s an example to better understand the comparisons: Assume today is January 1, 2023, and the currently selected period for the chart is Last 7 days: Comparison Time Frame Current dates Comparison dates Previous period December 25, 2022 to December 31, 2022 December 18, 2022 to December 24, 2022 Previous year December 25, 2022 to December 31, 2022 December 25, 2021 to December 31, 2021 Related topics: About Aurora Analytics Aurora Analytics Metric Definitions Aurora Analytics ReportsAbout Aurora content filters
Communities are meant to be a safe space where members should feel welcomed and engaged. Sometimes, members post objectionable content that may offend other members and negatively impact the community’s overall health. Objectionable content can include inappropriate language or any other terms you might not want to see in the community. Aurora offers content filters as part of its moderation tools to prevent objectionable content from appearing in posts, replies, tags, private messages, profile information, and member registration. When members use inappropriate words across the community, content filters identify them and prevent the content from being published or replacing the words with pre-defined replacement terms. In other cases, content filters just record the objectionable content posted across the community without taking any action. Content filters can also be used to ensure that the correct words are used across the community to improve content consistency. For example, you could create a content filter to replace old product names with the correct product name. Aurora includes several default filters that can be triggered when someone registers, posts, adds a tag, sends private messages, or updates their profile information. Default Filter Applies to Filter action Smut Posts and replies Prevents objectionable language from appearing in posts. Replaces offensive terms with neutral or slightly humorous ones, if configured to do so. Remember, you don’t want to prevent members from posting messages; you just want to keep the language clean. You may want to have your moderators keep an eye out for members who repeatedly use filtered language. Keyword Posts and replies Manages specific words or phrases. Content for this filter may include product and company names—both your own and those of competitors. When filtered keywords are used in content, moderators are notified. Optionally, the terms are replaced with more appropriate or the correct term. Login User signups (Registration page) Prevents people from registering to the community with an inappropriate username or profile info (system default action). Note: The Login filter is not applied if you are using an SSO implementation that passes the person’s username to the community. You must have a system on your side to deal with this situation. Tag Tags added in posts and replies Prevents members from tagging posts with objectionable words. Replaces with an alternate tag if configured to do so. You can add terms to these default filters or edit default filters as needed. You can also add new filters to perform these actions when the filter terms are identified in the community: Do not allow: Prevents members from posting content or replies, registering to the community, adding tags, updating profile information, and sending private messages till the filter term is removed. This more heavy-handed approach runs the risk of either challenging members to find a way to defeat it or alienating them. When filter term is identified, the following error message is displayed: Replace term: Replaces the offensive term with another term. This is the most common way of handling smut filter infractions. You can configure what term to replace words that match this filter in the Replacement term field. When the filter term is identified, it is replaced with the configured term after you post the content. Check inline HTML and do not allow: Prevents the members from posting anything that contains a filtered term after ignoring inline HTML. For example, the term “crap” written in inline html format, “c<b>r</b>a<br>p” in any new post is identified as the filter term after ignoring the inline html. Take no action: Does not take any action on the filtered terms that appear across the community, but records in Content Filters dashboard to notify moderators about these terms used across the community. Tip: Replacement terms are often a better management strategy versus preventing members from posting, as some people might take it as a personal challenge and invest tremendous effort in attempting to circumvent your filters. Another way these members may try to circumvent your filters is by using variations of banned words. For that reason, you may want to plan ahead for possible misspellings or other variations when creating your content filters. Note: Content filters are not case sensitive. For example, to filter for “Test,” “test,” and “TEST,” you need to enter only the term “test” while creating the filter.Aurora: Reporting inappropriate content and member profiles
It is essential to maintain the cleanliness of the online communities and ensure a curated experience free from inappropriate content such as objectionable images, abusive language, spam, harassment, and more. The Report Content feature aligns with DSA standards, empowering community members to report undesirable content. They can report community posts (including comments and replies), Events, Private Messages, and User Profiles. Anonymous reporting is available for both posts (including comments and replies) and User Profiles, ensuring a safer and more compliant online community experience. Note: To enable this feature, contact Support. Let’s walk through an example on how to report a post. Go to the community post that you want to report. Open the Options menu. Select Report. A window opens: Select a Reason and optionally add details. Click Report. You receive a confirmation that the report has been sent to the moderation team for review. Moderators can view this report in the Manage Content dashboard. They can then take appropriate action on the report from here. Similarly, you can report: Private Messages: Moderators can take appropriate action from the Manage Content page. Member Profiles: Moderators can take action from the Abuse tab: Report content anonymously: When users report a post/member anonymously (without signing in), they'll be prompted to enter their Name and Email address. This feature comes with a reCAPTCHA protection. If they have a registered email ID, members are asked to sign in before reporting; if not, they can proceed with reporting the content anonymously. Note: To enable reCAPTCHA protection, contact SupportAurora: Search for specific content on the Moderation tab
On the Moderation tab, you can filter and search for specific posts that are sent for moderation. You can filter the content by moderation status, publication status, and content types. You can also filter by the title or author of the post. To filter for specific content in the Moderation tab: Sign in to your community as a Moderator. Open the Account menu and go to Manage > Moderation. The Moderation tab is displayed with the list of posts and comments (replies) sent for moderation. To narrow the results displayed, click Filters. In the Moderation Status section, select any of the following: Unmoderated: Displays the posts, replies, and comments that are sent for moderation. By default, this option is selected. Rejected: Displays the posts, replies, comments, and private messages that have been rejected. You can take further actions on rejected posts or private messages. Learn more about viewing rejected posts on the Moderation tab. If the Moderation status is set to Unmoderated, you can further filter the results by: Status: Select the publication status (Published or Unpublished) of the post. Found In: Select the content types (Forums, Blog Comments, Knowledge Base Comments, Ideas, and Event Comments) you want to see. To see everything, select All. If the Moderation status is set to Rejected, you can further filter the results by: Posts and Replies: Displays posts, replies, and comments that have been rejected. You can also select the Reject Reason for which the posts were rejected (Spam, Abuse, or Other) and can search based on the Keyword and Author of the post. Private Messages: Displays private messages that have been rejected. To facilitate faster search results while moderating content, a filter for media is available on the Moderation tab in the Mange Content dashboard. The Moderation tab is updated based on the provided search criteria.
