Invotra Extranet Functionality

What are external users?

Invotra’s extranet portal lets organisations open their content to users who are involved in, but are not employees of the organisation. This guidance outlines the following:

  1. Roles and permissions
  2. Managing your extranet
  3. Glossary

 

Roles and permissions

 
External user permissions

The external user exists outside of the organisation, they will have access to the:

  • Extranet homepage
  • Specific site sections
  • Personal feed
  • Personal content page
  • Profile page
  • Apps
  • My content page

Note: It is possible to grant additional access to other chosen sections, apps and entities (user profiles, teams, and locations).

 
Homepage

External users will be redirected to a homepage specifically designed for them so they have an area to go where they can start navigating the site (to areas they have access to).

This homepage will not be customisable and will display areas that the external user has access to.

 
Content

External users will only be allowed to view content which has been created in a section they are a member of. Any attempt to view a document which they do not have permission to view will result in an access denied message.

Content which is added to a site section that the external user is not a member of, but added via a widget that the external user is a member of, will be hidden. So potentially hiding the entirety of the widget.

Pages which external users have access to and display any content will be filtered to only display content the user has permission to view, such as the feed, where feed messages include content.

 
Interactions

External users will be able to perform the following:

  • Vote on polls, outside groups
  • View, post and edit their own comments
  • Upload files to the system via profile image
  • Use the WYSIWYG authorised user text format
  • Report comments
  • Favourite, rate or follow content
  • Edit their own profile settings
  • Edit their own account settings
  • @mention others

In contrast, external users will not be able to:

  • View other profiles
  • Follow other users
  • Create any apps content
  • Create any content, unless given a section specific role
  • Search from toolbar

Note: these are the base permissions for the external role only

 
External users accessing Groups

External users will be able to access the Invotra Groups application. They will be able to:

  • Join public groups
  • Request to join private groups
  • Be invited to secret groups
  • Post content, polls & comments in any group they are a member of
  • Interact with content in any group they are a member of

Note: External users will not be able to create groups themselves

 

Managing your Extranet

 
Adding external users to your site
  • The external user role can be added or removed in a profile’s account settings by a webmaster
  • When the ‘External user’ role is selected all other roles will be deselected to stop global permissions going to external users

As a webmaster:

  1. Go to user’s profile
  2. Select ‘Account settings’ in the top right tabs
  3. Select ‘Global Roles’
  4. Select ‘External user’
  5. Save

 

Additional access for external users

As a webmaster:

  1. Go to ‘Administration’ from the workbar
  2. Locate ‘People and Teams’, ‘User settings’, and select ‘External user access’
  3. Use the checkboxes to enable the apps and entities external users can access
 
Apps
  • Groups
  • Ideas
  • Message Wall
  • Queries
     
Entities
  • Users
  • Teams
  • Locations

This provides external users the same access as an organisational user, with the exception that an external user cannot create groups. 

 
Flagging a user as an external

Users who are part of the organisation will be granted the organisational user role, which already has defined permissions

Users who are not part of the organisation will be granted the external role, which will have their own permissions.

This role can be added/removed via account settings, by the webmaster.

When the external role is selected, all other roles will be disabled to prevent accidentally granting global permissions to external users.

If SSO is being utilised then this role will be automatically granted, when they authenticate for the first time based on a specific attribute. For example, if person type = member then grant the ‘External’ role.

 
Extranet homepage

The External homepage is where external users are redirected to by default

To configure the homepage:

  1. Go to ‘Administration’
  2. Locate ‘Extranet’ and select ‘Homepage’
  3. To configure the available widgets- Select ‘Edit’ and then ‘Widgets’
  4. To choose layout- Select ‘Edit’ and then ‘Layout’
  5. Select ‘Save’
 
Giving external users access to a section

As a section manager:

  1. Go to your section
  2. Select ‘Options’ and ‘Manage’ from the top right of the screen
  3. Select ‘+ Add Member’
  4. Search username and select external user
  5. You can select multiple external users, their chip will appear below the search and select field when they have been selected
  6. Select ‘Next’
  7. The next screen will ask: ‘You are adding external users. Please be aware, you are giving the selected user access to view this section and its content’
  8. Select ‘Confirm’- The external user now has access to the section and all related sections
 
Giving external users a role within a section

As a section manager:

  1. Go to your section
  2. Select ‘Options’ and ‘Manage’ from the top right of the screen
  3. Select the checkbox to the left of the external user’s name
  4. In the ‘Action’ dropdown, select ‘Add Role(s)’
  5. Select ‘Next’
  6. Check the box to choose the role you want to give the external user, it can be more than one
  7. Select ‘Next’
  8. In the next screen, check the details and select ‘Confirm’

The external user now has the same permissions an employee (organisational user) would have, and they will also receive email notifications should any changes be made to content.

 
Section manager restricting a site section

Section managers have the ability to restrict their section if they only want members of that site section to view the content added to it. 

To do this, the section manager can select the ‘Restricted checkbox’ Please see screenshot below:

 
Adding teams to a site section

Section managers will have the ability to add a team to a site section, which is done through the add team button from the site section manage page.

During the process of adding a team, the user will be given the ability to choose whether or not to include the children of the selected team as well.

If the team contains external users then a message will be displayed on the confirmation page, informing the section manager that the team contains at least one external user.

After a team is added to a site section, the team will appear in a separate table from the user table to differentiate teams from users. Users in the chosen team will now have access to view the site section. This will not affect organisational users on public site sections as they already have the permission to access.

 
Removing and adding teams

There may be updates to a team in the future such as the removal or addition of users. This will be automatically updated, so in the case a user is added to a team, they will then be given access to the site section the team was added to. The same will apply vice versa for removing users.

Adding a team gives the users in that team access, there will not be the ability to give roles to a team. If a user requires a role then they should be added via the add members page.

Permissions will cascade. Teams in a parent site section will also be granted access to child site sections. In order for this to work, external users will need to be added to a team either manually or automatically via SSO.

 
Glossary
Teams:
  • An organisational unit or department which is hierarchical
  • They contain members and team administrators
    • Members include both organisational users and external users
 
Site sections:
  • A web page which content is added to
  • Each site section has their own editorial team and membership
  • Unrestricted site sections are available for all organisational users to access
    External users will not be able to access unless they are added, either individually or by the team they are in
 
Team administrator:
  • A role which is applied when adding an administrator through a team’s members page
  • Able to manage the members and edit the team they are an administrator of
  • Can create child teams