When defining custom visibility categories, administrators can specify groups that are permitted to view specific content. Visibility categories are available with plans that include read permissions.
In the context of visibility, a group represents a collection of users permitted to access specific content, e.g. partner companies or vendors allowed to contribute or update content or data in website areas reserved for them. Before groups can be specified in custom visibility categories, however, they need to be set up in your IdP configuration, where they can then be assigned to users. Note that Scrivito uses group names merely as identifiers, i.e. the names themselves don’t have any meaning. Also, Scrivito doesn’t take into account implicit group assignments (based on rules). As a consequence, such implicit assignments need to be made explicit. For obvious reasons, it is essential that group names are defined and used consistently.
When a user logs in to a Scrivito-based website, the IdP generates an OAuth ID token that Scrivito uses to identify the user. If groups have been set up, the ID token includes a groups claim indicating to Scrivito the groups that have been assigned to the user. By means of those groups, Scrivito can then determine the visibility categories applicable to the user, and grant or deny them access to a particular page.
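The following added example (not Scrivito's own code) sketches how a groups claim can be mapped to visibility categories, and how naming drift between the IdP and the category definitions can be detected. All function names, the category configuration and the token payload are constructed for illustration. It assumes exact, case-sensitive comparison of group names and that the token's signature, issuer, audience and expiry have already been validated.

```javascript
// Added example; all names below are hypothetical, not Scrivito APIs.
// Assumes `claims` is the payload of an ID token that your OIDC library
// has already validated (signature, issuer, audience, expiry).

// Constructed visibility-category configuration: category -> permitted groups.
const CATEGORIES = {
  "partner-area": ["partners", "vendors"],
  "vendor-pricing": ["vendors"],
};

// Constructed ID token payload for a user with explicit group assignments.
const SAMPLE_CLAIMS = {
  iss: "https://idp.example.com",
  sub: "user-123",
  aud: "constructed-client-id",
  exp: 4102444800,
  groups: ["Partners", "vendors"], // "Partners" differs from config by case
};

// Normalize the groups claim: absent -> [], single string -> [string],
// and drop anything that is not a non-empty string.
function groupsFromClaims(claims) {
  const raw = claims == null ? undefined : claims.groups;
  const list = Array.isArray(raw) ? raw : raw === undefined ? [] : [raw];
  return list.filter((g) => typeof g === "string" && g.length > 0);
}

// Group names are opaque identifiers: compare them exactly and
// deny by default when no group matches.
function visibleCategories(claims, categories) {
  const userGroups = new Set(groupsFromClaims(claims));
  return Object.keys(categories).filter((name) =>
    categories[name].some((g) => userGroups.has(g))
  );
}

// Consistency check: report token groups that differ from a configured
// group only by case or surrounding whitespace (likely naming drift).
function nearMisses(claims, categories) {
  const configured = new Set(Object.values(categories).flat());
  const fold = (s) => s.trim().toLowerCase();
  return groupsFromClaims(claims).filter(
    (g) => !configured.has(g) && [...configured].some((c) => fold(c) === fold(g))
  );
}
```

With the sample payload, the user sees both categories through the `vendors` group only, while `nearMisses` reports `Partners` as a name that does not match any configured group.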
The structure of an ID token containing a groups claim looks like this: