Site Factory

Specifying login authentication mode

Applies only to Drupal 7-based websites hosted on Site Factory. For single sign-on (SSO) in websites running the current Drupal version, see Setting up single sign-on.

Depending on how you configure the Site Factory websites that you administer, you can allow all of your users sign-in access to all of your Drupal 7 websites, or you can require that each website has its own list of authorized users. Site Factory supports two methods for tracking and authenticating users who access the Site Factory Management Console and Site Factory-hosted Drupal 7 websites:

  • OpenID mode - All accounts are based on OpenID accounts. Any OpenID-enabled account associated with Site Factory is an authenticated user. This is the default mode.

  • Hybrid mode - While users with administrative OpenID accounts can log in to the website, the website can create its own local private accounts, and site administrative permissions are based on these private accounts. Hybrid mode is incompatible with single sign-on (SSO) or any process that redirects a user to an external sign in.

To change the mode that Site Factory uses for your websites, contact Acquia Support.

Account registration settings for Hybrid mode

For Hybrid mode to work properly, account registration settings must be properly configured by following these steps:

  1. Sign in as an administrator to the Drupal website that you want to change.

  2. In the admin menu, click Configuration.

  3. In the People section, click Account Settings.

  4. In the Registration and cancellation section, in the Who can register accounts? list, click Visitors.

  5. Click Save Configuration.

Important details about Hybrid mode

You should not implement hybrid mode without carefully considering the implications that making the change will have on your website’s users.

Switching back to OpenID breaks accounts

If you change the login mode to Hybrid and then change back to OpenID, any local accounts created on your websites will no longer work, even if you change back to the Hybrid mode.

Administrative access in Hybrid mode

In Hybrid mode, OpenID users only have access to the website, and do not have administrative access. You must manually add administrative permissions and roles to OpenID accounts that require administrative access.

First-time logins and OpenID

In Hybrid mode, OpenID users must use the management interface when signing in to websites for the first time for the website to create a local account based on the OpenID account. After creating the local account, OpenID accounts can then either sign in directly to the website or use the management interface.

Note

If you create a local account for a user before the same user signs in with their OpenID account, the website merges the user’s local account with the OpenID account.