Reporting Spam
No one likes spammers, including the Khoros Community team! Here are some methods for reporting spam on our community. Spam in Private Messages: Did you receive a suspicious Private Message from another user? To report this issue to our team, click on the gray three-dot menu at the right side of any message and choose Report Message, and we'll handle the abuse as soon as possible. Please include the username and content of the message you received. Spam in Posts:If you spot a forum post, question, or blog comment that appears to be spam, please flag it to the Khoros Community team by clicking the grey gear icon at the top right of a post and select "Report". Be sure to note that the post appears to be spam. Thanks for your help in keeping the Khoros Community spam free! If you are looking for information on how to handle spam on your own community, we recommend that you read our Tips on combatting spam and check out our documentation on the new spam management tools. Please note you'll need to be a customer or partner to view these articles, including having the respective roles on Atlas. Reach out to communityhelp@khoros.com for assistance.Aurora: MultiAuth SSO
Communities require diverse authentication methods to accommodate varying member segments like employees, customers, etc.Admins can offer multiple sign-in options simultaneously, providing enhanced flexibility. These options include: Khoros SSO Up to three IDPs for SAML More than three IDPs for OIDC/OAuth2 (OIDC can be configured via admin only) Note: Contact Support to enable this feature in your community. After the feature is enabled, you can see the Sign-In Display option under Settings > Systems > ACCOUNT > Sign-in. Edit the Sign-In Display option to configure the sign-in options you want to provide your members and how you want to display the sign-in options. Below is an example on the list of sign-in options you can configure. From here, you can: View all available sign-in options for your community. Add a welcome note that will be displayed when users are on the sign-in page. Turn on or off the sign-in options you prefer. Edit the labels of the sign-in buttons. Rearrange the order in which the sign-in options appear on the sign-in pages. Choose to display the sign-in options as buttons for member sign-in. If you select the Display as sign-in button option, members see a sign-in button. If you de-select this option, members see a sign-in form instead. Related topics: About Khoros Aurora Single Sign-On (SSO) Khoros Aurora SSO auto-sign in Configure SSO settings for the communityAbout Aurora Analytics
To have a successful community, you need to know what’s working and what needs improvement. Aurora provides a robust set of analytics so you can get actionable insights to drive traffic and member engagement. You can determine what kinds of content needs improvement, what your members steer away from, and what they want more of from your community. These metrics help you learn where your members come from, what type of content they engage with, and where to focus on to reach new people. Having clear data enables you to plan towards community goals and make informed decisions to change course when things aren’t working. Aurora Analytics provides visual dashboards and interactive reports to provide you with high-level and detailed data on how your community is performing. Note: Currently, users can see the metrics up to the previous day in Aurora Analytics.. Data is reported in Coordinated Universal Time (UTC). Accessing Aurora Analytics To access Aurora Analytics, open your Account menu and click Analytics. Note: Members must have anAdmin or Analytics role to access Aurora Analytics From the Analytics page, you can access Dashboardand Reports. The Dashboardprovides you with an “at-a-glance” view of the activities that best indicate the overall health of your community and member engagement across your community. You can customize Dashboard settings to your requirements and get the most out of your data analysis. Reports present you with key metrics on content, boards, categories, and members in a tabular format. Related topics: Accessing Analytics Dashboard Dashboard Settings Aurora Analytics Metric Definitions Aurora Analytics Reports Refer to the Khoros Communities Analytics Essentials course for training on Communities Analytics.Aurora Community static IP addresses
A variety of Aurora Community integrations may require allowlisting IP addresses associated with requests to external resources or services. Some example integrations include: API Event Subscriptions (webhooks) Certain types of SSO, like OAuth 2 or OpenID Connect Custom Freemarker components using the http.client context object Custom back-end integrations built by Professional Services If your Community-related security architecture includes IP based allowlists, the following values can be used: AMER production: 34.218.217.104, 34.208.76.195, and 35.155.246.68 AMER stage: 35.167.51.70, 35.155.246.43, and 52.41.143.85 EMEA production: 52.213.102.195, 34.246.41.42, and 34.246.43.26 EMEA stage: 52.214.128.6, 52.51.95.11, and 52.208.187.165 APAC production: 54.206.152.214, 52.65.188.98, and 13.239.46.46 APAC stage: 3.105.80.217, 3.105.88.113, and 13.55.41.72 Note: The listed IP addresses are associated only with outbound requests from Community and are not valid for inbound requests to the Community. Community IPs used with inbound requests are variable and change over time. Do not use these IPs as an element of any DNS record. If you're unsure if your Community is hosted in the AMER, EMEA, or APAC region, contact Khoros Support.Aurora: Extract member-specific information
If you have the Advanced Analytics role, when you schedule the Members report, you can choose the additional user information you want to download along with other member data available in this report. To download additional information from the Members report: On the Members report, open the Options menu and click Schedule Reports. Enter a title for the report and frequency at which this report must be generated and emailed to you. Choose from the list of member specific data provided under Include additional user data. Click Submit. The data that you choose is extracted along with the other fields in the Members report. Related topics: Schedule Analytics reports to be emailed to you View scheduled reports Download reportsAurora Analytics Dashboard Settings
Depending on your role or what actionable data you are trying to gather, what you need from your community dashboards may vary. With Aurora Analytics, you can customize Dashboard settings to your requirements and get the most out of your data analysis. Analytics users can: customize Aurora Analytics Dashboard settings to scope data to the entire community or to a specific place in the community choose the time frame for which they want to view metrics for compare and analyze data with another time period set the parameters for trending discussions. set parameters for the maximum time limit to apply in the Ideas by Age Chart Related topics: About Aurora Analytics Aurora Analytics Metric Definitions Aurora Analytics ReportsAurora: Manage Follow and Notification preferences for your account
You can manage your follow and notification preferences for the community. Open the Account menu, and then click MySettings. Click Follows & Notifications.The page is divided into different areas for managing your follows and notifications: Follows Email Notifications Advanced Settings Follows You can filter the items you follow by clicking the drop-down menu (by default, All is selected) and choosing from among All, Content, Boards, Categories, Groups, or Tags. Once you’ve chosen your filter, you can hover your cursor over the followed item you want to manage, click the options menu, and Unfollow. Email Notifications To adjust your email notification preferences, Get Email Notifications must be turned on in your settings. When this is enabled, additional settings (Receive email notifications when…) appear that enable you to indicate the desired cadence for receiving email notifications. For all settings (except Edits are made to an article within a category or board I follow), you can select Never, Immediately, Daily Digest, or Weekly Digest from the drop-down menu. For the Edits are made to an article within a category or board I follow setting, you can choose from Never, For all edits (includes minor edits), or For all but minor edits. If you select any option but Never, email notifications for this setting are sent immediately. For settings on which you’ve selected Daily Digest or Weekly Digest, applicable notifications are bundled and sent together in one daily or weekly email, respectively. All settings indicate the feature area of the community to which they apply, such as All boards or KB articles and blog posts. Settings related to content apply to all content that you follow in the area indicated. Advanced Settings The following settings, which apply to both in-app (bell icon) and email notifications, enable you to personalize when you receive certain notifications. Select an option from the drop-down menu for each setting. When I’m following a Forum Discussion, notify me about New topics and replies New topics only Send me notifications on posts I have already read Never Always Related topics: About the member Profile page Manage community preferences for your account Manage security settings for your accountAurora: Consent to add external videos to posts
To further comply with the latest privacy regulations, we have introduced a new enhancement to view external videos on the community. We have prioritized member’s compliance by ensuring that external video providers cannot drop cookies without explicit user consent. Members are now required to explicitly consent to the use and storage of third-party cookies from external video providers before streaming content on the community. This measure ensures that both community and external video provider cookies comply with regulations, protecting member data and maintaining compliance standards. Note: This feature is set by default. If you want to change the default settings, contact Support. Below is an example of how this banner appears when you add external videos to Blog posts. Learn more about adding media to your contentAbout Aurora OIDC/OAuth2.0 SSO
OpenID Connect (OIDC) is an SSO implementation based on OAuth2. Refer to the official OpenID Connect specs for more information. OIDC Quick Start Common OpenID Connect terms: OP = OpenID Provider, also known as the Identity Provider (IDP) RP = Relying Party, also known as the Service Provider (SP) OpenID Connect typically follows this workflow: User requests to sign in. User is redirected to OP’s sign-in URL, and OP redirects the user to the RP with an authorization code sent as a query parameter value. RP sends a back-channel request to the OP’s token API with the OP-provided authorization code to retrieve the ID and Access Tokens. The ID Token is retrieved from the token response and is parsed as a JSON Web Token (JWT). The JWT is validated and decoded. (JWT validation should follow the signature specified in the OpenID Connect specifications.) The JSON payload is retrieved from the JWT and is parsed for claims to be set to the user’s community profile. If a user profile endpoint is configured, an additional call is made to the endpoint passing the access token using Bearer Authorization. (OIDC feature supports both GET and POST requests to the user profile endpoint. This is configured within the Provider settings.) Claims returned from the user profile endpoint are parsed and set to the user’s community profile based on configured Claim Mappings. Community checks to see if the user already exists with the specified SSO ID; if so, the user signs in to an existing account; if not, a new account must be created. User resumes browsing Khoros Community in signed-in state. OAuth 2.0 typically follows this flow: User clicks the sign-in/registration link or takes an action that requires sign-in. User is redirected to a Khoros endpoint that builds the IDP/OP's sign-in URL based on configured attributes and the user state (that is, the page they were on when they initiated sign-in), and then redirects the user to the built sign-in URL. User signs in or registers. If the app is not on the allow list, the user will be prompted to give access to the Aurora Community app. The user is redirected to a callback URL on Community and an authorization code is included in the request as a query parameter. Community reads the authorization code. Community makes a back-channel API call to the OAuth provider to exchange the authorization code for ID and access tokens. The ID Token is retrieved from the token response and is parsed as a JSON Web Token (JWT). Optionally, the access token is then passed using Bearer Authorization in a subsequent API call to obtain additional user attributes such as SSO ID, e-mail address, display name, etc. Community checks to see if the user already exists with the specified SSO ID; if so, the user signs in to an existing account; if not, a new account must be created. User resumes browsing Khoros Community in signed-in state. Enable OIDC/OAuth 2.0 SSO for the Aurora Community Before you begin setting up OpenID Connect SSO for Community, you must gather this information: Client ID Client Secret Authorization Endpoint URL Token Endpoint URL (OIDC only) Expected “Issuer” for JWT validation (OIDC only) JWKS URI pointing to sign-in keys Claims mapping to map the minimum Community profile attributes to claims returned by the Token Endpoint URL and/or User Info URL. The required attributes that must be mapped are: SSO ID Login Name Email Address Note: When adding Claim Mapping during Provider Creation, the keys for the above values are “ssoid,” “login,” and “email,” respectively. After you have gathered the information listed above, you must create a Provider within the Community. Note: For a detailed description of all the OIDC/OAuth 2.0-related provider settings, review Aurora OpenID Connect/OAuth 2.0 setting descriptions. To create a Provider: Go to Settings > System > Account > OIDC/OAuth Providers > Add Provider. For each tab, enter this information: Name: Used to more easily distinguish a given provider in the UI. ID: Used in the Community sign-in URL, sign-out URL, and callback URL to distinguish between each provider configuration. Check out the examples below to see how these URLs are constructed. Client ID: Determined by the app created in your OP. Client Secret: Determined by the app created in your OP. Authorization: Enter authorization URL, Response Type, and Scope. Token: Token endpoint URL, expected Issuer, and JWKS URI. In addition, claim mapping must be added either here. The required profile attributes mentioned above must be mapped to an associated claim for SSO to function properly. For example, if the “sub” claim will be used for SSO ID, beside Claim mapping (ssoid required), click Add Parameter. Then enter “ssoid” into the Key field, and “sub” into the Value field. User Info: Fill in if any claim mappings come from a user info endpoint. Insert the user info URL and add any claim mapping. Click Create. After the provider has been created, you must define the registration and sign-in URLs so the Community knows where to direct users when they sign in. To define the registration and sign-in URLs, see Configure SSO settings for the community. When creating the app in the OP, you might be asked to specify a callback URL. The callback endpoint uses this format: https://<communityhost>/t5/s/auth/oauth2callback/providerid/<providerid> For example, if a Community at https://community.acme.com was configured with Provider ID “acme,” the URL would be: https://community.acme.com/t5/s/auth/oauth2callback/providerid/acme Note: If your Aurora community is configured for Reverse Proxy with Subdirectory, your endpoint paths are pushed up into the reverse proxy path similar to other URLs in your community. Related topics: Aurora OpenID Connect/OAuth2.0 setting descriptions
