Visitor and Editor Authentication Overview

[New in 1.7.0] Scrivito lets you restrict individual pages of your website so that only logged-in visitors have access to them.

Editors can specify whether a page is public or restricted. Once a page has been restricted and the working copy published, regular visitors of your website can neither view the page nor find it through a search. For them, the page simply doesn’t exist. There is not even a low-level way to access its content.

Editors are free to remove the access restriction of a page. After publishing, the page is publicly available and can be found by searches again.

To make restricted content available to authenticated visitors, your Scrivito app needs to be connected to an authentication service supporting OpenID Connect. After a visitor has logged in through such a service, your app receives a standard JWT ID token. Passing this token to Scrivito unlocks the restricted content for the visitor.
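The following added example (not Scrivito code) sketches client-side sanity checks an app could run on the ID token it receives before passing it on. The function names, the issuer and client ID values, and the `passToCms` callback (standing in for the SDK call that receives the token) are assumptions.

```javascript
// Added example. Runs under Node; Buffer's "base64url" needs Node 15.7 or later.
// These are pre-flight checks only: the signature is NOT verified here.
function decodeSegment(segment) {
  return JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
}

// Returns { ok: true, claims } or { ok: false, reason }.
function checkIdToken(token, { issuer, clientId, now = Date.now() / 1000 }) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "not a compact JWT" };
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
  } catch {
    return { ok: false, reason: "undecodable segment" };
  }
  if (!header || !claims) return { ok: false, reason: "undecodable segment" };
  if (!header.alg || header.alg === "none") return { ok: false, reason: "unsigned token" };
  if (claims.iss !== issuer) return { ok: false, reason: "unexpected issuer" };
  // "aud" may be a single string or an array of strings.
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!audiences.includes(clientId)) return { ok: false, reason: "wrong audience" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  return { ok: true, claims };
}

// passToCms is a stand-in (assumption) for the SDK call that receives the token.
function unlockRestrictedContent(token, expected, passToCms) {
  const result = checkIdToken(token, expected);
  if (result.ok) passToCms(token);
  return result;
}

// Builds a constructed sample token with a dummy signature, for demonstration only.
function makeSampleToken(header, claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc(header)}.${enc(claims)}.ZHVtbXk`;
}

// Constructed values: issuer, client ID and timestamps are placeholders.
const sampleExpected = { issuer: "https://idp.example", clientId: "my-app", now: 1700000000 };
const sampleToken = makeSampleToken(
  { alg: "RS256", typ: "JWT" },
  { iss: "https://idp.example", aud: "my-app", sub: "visitor-1", exp: 1700003600 }
);
console.log(unlockRestrictedContent(sampleToken, sampleExpected, () => {}).ok);
```

A token that passes these checks can still be forged, so they only filter out stale or misrouted tokens early; trust depends on signature verification against the identity provider's keys.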

Editors can authenticate via an identity provider as well. For this, configuring your CMS on your dashboard is sufficient. Nothing needs to be changed in the app.

The documentation in this section covers the following topics: