[Image via Pexels]
Many customers use our Google Apps Login Enterprise version to restrict access to their WordPress intranet so that not only should it be inaccessible to non-employees, but certain groups of employees should have different WordPress roles, and perhaps some employees should not have access at all.
Why is this so important? In the past, employees worked on-premises, and it was easier to monitor who was working on certain documents and data sets at a given time. For example, if a project was in a draft stage — and not ready for the eyes of senior staff or outside consultants — an employee could hold the file on his or her desk until it was finalized. There were few ways for others to access the file short of stealing the physical copy.
Yet in today’s flexible working environment, employees are constantly logging in to work on projects from different locations and time zones. They might have separate sets of credentials after re-setting their password or for use on multiple devices. It’s much more complicated to confirm who is accessing and editing documents than when employees worked in the same physical space. If you’re trying to keep certain information privileged, tightening access measures can provide an extra security in this opaque environment.
In this post, we’ll break down how we’ve made permissions for users easier for admins to control.
Configuration Steps for Enhanced WordPress Security
For your sales team’s intranet, maybe you want things to work like this:
Members of the Google Group firstname.lastname@example.org should be Administrators.
Members of the Google Group email@example.com should be Contributors.
All other members of mycompany.com should be barred (as should non-employees and anyone who is not logged-in).
We’ve recently made this easier by combining improvements to the Enterprise product (version 2.8.2) and also our free All-In-One Intranet plugin.
Here we talk through the key configuration steps required.
Install your Google Apps Login Enterprise version and configure as directed – follow the instructions in Settings -> Google Apps Login, including setting up a Service Account.
You’ll also need to install All-In-One Intranet. Since that is available in the WordPress directory, the easiest thing will be to go to the Plugins page in your WordPress admin panel, click Add New, and then search for ‘All-In-One Intranet.’
There are quite a few steps required to configure Google Apps Login, so below we are just showing the screenshot of the Domain Control tab in Settings -> Google Apps Login from your WordPress admin panel, so you can see how to set up rules for the different Google Groups. You’ll also want to set the Default Role to ‘No Access’ to ensure non-employees, and those members of staff who aren’t in sales or management, won’t have access to the site.
At this stage, staff members should be able to use the Login with Google button on your WordPress login page to access the site. If they should have ‘No Access,’ then they won’t be able to do much in the admin panel, but everyone will still be able to view the front end of your website. That’s because WordPress is set up for your site to be public by default (users only need to be logged in to access the admin area).
This is where All-In-One Intranet comes in. Go to Settings -> All-In-One Intranet, and check the box labeled ‘Force site to be entirely private.’
Now, logged-out users and ‘No Access’ users should be forbidden from viewing any part of the site!
The above assumes you have WordPress in its default mode – if you are running ‘Multisite WordPress,’ you have a lot more flexibility over access to your various subsites — but that is for another post.
Please contact us if you have any questions at all!