Versions Compared

Old Version 34

changes.mady.by.user Carter Snowden II

Saved on

compared with

New Version Current

changes.mady.by.user Carter Snowden II

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin
Div
stylewidth:300px;overflow:hidden;float:left;
Panel
borderColor#ddd
bgColor#fbfbfb
borderStylesolid

Help Contents

Page Tree
rootHome
sortnatural


Search Wiki Help

Livesearch
spaceKeyHELP

Div
styleoverflow:auto;margin-left:10px;min-height:600px;
Panel
borderColor#fff
bgColor#fff
borderStylesolid
Section
bordertrue
Column
width50%

Users and Groups

Account creation for MIT

Users

Community members

  • A basic account is automatically created when an MIT certificate-bearing or Touchstone authenticated user first
arrives on a protected wiki space or first clicks on
  • logs in to the service. When a new user attempts to access a protected site, that user will be propmted to log in. A new user can also log in by explicitly clicking the 'Log In' link.

Non-MIT

usersA non-MIT user (that is, a user not bearing an MIT personal certificate) arriving on a protected wiki space, or on clicking the 'Log In' link, is redirected to a username/password login page. If the user does not yet have an account, he/she can follow a 'Sign up' link from that page. Submission of the registration form causes a basic account to be created. The registrant's username will map to whatever the user has entered as their email address. Once the account has been created, the user can be given permission in your wiki space, either as an individual or as a member of an associated Moira group (see below).
Username/password accounts are disallowed for email addresses ending in '@mit.edu and '@<something>.mit.edu' since anyone with such an address is eligible to use MIT's preferred authentication methods (personal certificates, MIT Touchstone). There is one exception to that rule: Users with email addresses ending in '@alum.mit.edu' are not eligible for certificates and are therefore allowed to create username/password accounts

' guest' users

  • Non MIT people must create 'collaboration accounts' in MIT's Touchstone single sign-on service. Once such an account has been created, a basic guest-level wiki account will be auto created the first time the collaboration-account bearing user logs into wikis.mit.edu.
    A space administrator can then give the person an appropriate level of space permissions by specifying the person's touchstonenetwork.net identity on the space's permissions page.
    Note
    titleA note about Collaboration accounts..

    Note that a collaboration account user's username is not the same as that person's email address, but rather takes the form..
    identity_n@touchstonenetwork.net
    ..where identity is generated from the person's email address, and n takes care of potential duplicates.
    For example, a user who has registered for a Collaboration account using the email address..
    joe.schmoe@flub.edu
    ..will have a touchstone collaboration identity of joe.schmoe_1@touchstonenetwork.net.
    A user who registers subsequently using email address..
    joe.schmoe@something.com \
    ..will have a touchstone collaboration identity of joe.schmoe_2@touchstonenetwork.net.

    *The Touchstone collaboration identity – not email address – is used as the person's username in wikis.mit.edu*

    Info

    To identify Touchstone Collaboration account users, use the search facility (magnifying glass icon) on your space's Edit Permissions page:
    Image Added
    Remember: Non-MIT people will not come up in your search until they have:

    • created a Touchstone Collaboration account
    • activated their Touchstone Collaboration account
    • gone to https://wikis.mit.edu/ and logged in at least once using their Touchstone Collaboration Account identity.

If you need help in determining the Touchstone collaboration identity of a user, contact wiki-support@mit.edu.


Wiki Group Membership

  • Wiki groups map to Moira groups and Stellar class membership lists. In order to add a user to a wiki group, add that user to the proper Moira group or Stellar class group.
  • Any Moira group can be associated with a space. A space administrator can asociate any Moira group with his/her space. A periodic (several times a day) feed synchronizes internal wiki groups with their corresponding Moira groups. Non-MIT users can be added to the Moira group as type STRING.
    The Stellar feed is more infrequent (generally twice a day).
  • It is not necessary to use Moira groups to control acces to wiki spaces. Access to some wiki spaces can be controlled at the individual user level as well.
  • If a
non-MIT
  • Touchstone collaboration user is detected in the Moira feed, a basic account will
not
  • be created automatically.
However, once a non-MIT person has registered an account, that person will be picked up and given permission to the space as of the next Moira-wiki feed. You can also (again, assuming the user has created an account) give the person access to the space as an individual user. Note that for non-MIT users, their email addresses are their usernames, and any uppercase characters in that username are changed to lowercase.
  • All user accounts are included in a base-level group named confluence-users. This group can not be modified via Moira.

Default Groups

  • confluence-users contains all people with Confluence accounts
  • - both MIT and non-MIT
  • mit-users contains all people with MIT kerberos accounts
  • anonymous a pseudo group equivalent to everyone in the world without an account, used for the purpose of setting a space to be world-accessible.
Column
width50%

Managing Groups

Creating and managing Moira lists for wiki access and administration

The recommended practice is to use at least two lists for your wiki space. One list should contain regular users of the space, and the others should contain space administrators. Members of the MIT community can create Moira lists at:
http://wserv.mit.edu/lc/

Note
titleWhen creating lists..
  • Create "traditional" Moira lists, not Mailman lists
  • You, as space administrator, should be a member and administrator of any Moira list you create for use in your wiki space.
  • All Moira lists must also be AFS groups
("traditional" groups)
  • and should be 'visible'. This is important. Be sure to check the appropriate
checkbox
  • radio buttons and checkboxes.
  • Create an admin list for the space
. Include yourself in it, and
  • .
    e.g. mygroup-wiki-admin
     Make yourself the list owner. 
     note that after creating the list, you may wish to add others to it and to make it a self-administered list (set the listowner to be the list itself).

e.g. mygroup-wiki-admin
  • You can do this at: https://web.mit.edu/moira//
  • Create the user-level list for the space. Make the owner of this list admin group you just created.
    e.g. mygroup-wiki
    You can add usernames to the group at: https://web.mit.edu/moira/
  • Non-MIT users should be added to Moira lists as type 'string'.
  • Manage your
new
  • Moira
list

Using Existing Moira lists and Stellar class lists.

If you have existing lists you'd like to use for wiki access, you can do so.

Note
titleExisting Lists..
  • Be sure that the lists are AFS groups.
  • The Registrar's office auto-populates Moira lists corresponding to the class membership. These lists can be useful if no Stellar site exists for a class. Contact the Accounts group (accounts@mit.edu) for more information.
  • Stellar class lists can be used for access to a class wiki space. Contact class-wiki-support@mit.edu for more information.

Associating your group(s) in Confluence

A periodic feed populates Confluence with the groups you have created in Moira. Once your groups have been picked up by the feed, space administrators can use them to control access to your space within Confluence.
In your wiki space:

  • Go to Browse Space -> Space Admin -> Permissions
  • Click edit permissions and add your groups under the 'Groups' heading. Modify permissions as appropriate, then click 'Save all'.