Gemini has a variety of options for modifying the security of your installation. Gemini allows for the use of social media APIs, such as Facebook and Open ID. You may also modify and change additional security options, such as password policies, and user groups that are assigned to the Portal Group.
Self-registration and Unathenticated Access
Check the 'Allow users to self-register' check box if you want new visitors to the Gemini site to be able to register themselves. This option does not allow such self-registered users to control their permissions and their access will be controlled by the New User Default Groups that are also defined on this page.
Check the 'Allow users to browse Gemini without logging on first' to allow unauthenticated access to your Gemini site. Unauthenticated users will be given permissions associated with the user group 'Everyone', which is different from the user group 'Everyone (Authenticated)', allowing you to control what they can see and do on the site.
Social Media APIs
Check this option if you want to allow users to authenticate themselves using Open Id standards. If enabled, users will be able to log on using their Yahoo and OpenID credentials.
Check this option if you want to allow users to authenticate themselves using faceboook. To use this option, you must create/enter Gemini's facebook app id (see facebook documentation for more on their authentication with 3rd party apps).
Google Authentication using OAuth 2.0
Check this option if you want to allow users to authenticate themselves using Google. To activate Google Authentication for Gemini, follow these steps:
- Login with your google account on https://console.developers.google.com
- Click on "Create Project" and fill in the details.
- Google will create the project and redirect you to the project. Click on APIs & Auth -> Credentials
- Click on "Create new Client ID" and fill in the details. Replace "localhost" and "localhost/gemini" with your Gemini URL and click on "Create Client ID"
- You should now see your Client ID and Client Secret. Copy the Client ID and Client Secret from Google Developers Console.
- Enable Google Authentication from Customize -> People -> Options and paste the Client ID and Client Secret.
You can obtain the OAuth 2.0 credentials Client ID and Client Secret from https://console.developers.google.com.
Google authentication OAuth 2.0 is backwards compatible and will recognize your already registered user.
You can set the password policy in terms of re-use, expiry, format and re-tries attempts.
Password Reset and New User Options
- You may specify the email subject line and message for the password reset email, which will be sent to users as part of the 'forgotten password' process.
- As an additional security measure, you may force new users to reset their passwords immediately after logging on for the first time.
- You may also specify the default group that new users will be assigned if you do not specify a group(s) for them.
The Portal Group is an assigned group of users that are restricted to the 'Can Only View Own Items' permissons setting. It is advised to assign the Portal Group as an external group.
- You may edit the Welcome Title and Welcome Message that Portal Group users are greeted with when logging in to your Gemini installation.
Watch How To Do It: Security Options
The following video will help provide an overview of security options and the Portal Group within Gemini.