Reader management

Users are people who can create, edit, and manage your knowledge base content. They have access to the backend of the application, and you pay for the users on your account. There are two main types of users:

• Admin Users: Account administrators have access to everything in your account.
• Non-admin users: Non-admins are granted permissions by the admins on a per knowledge base level. For each knowledge base, a user can be an editor, a writer, or have no access.
  • Editors have access to all settings on a knowledge base, including settings, security, and styles.
  • Writers can only create and edit content (categories and articles).
  • Users with no access will not be able to view a knowledge base in the backend.
  • Non-admin users can be given access to Readers.

Readers are people who can view your knowledge base. They only have access to the frontend (the knowledge base). You can have an unlimited number of readers on your account. 

Readers are users that can log in and view your knowledge base. Sites can be set up to allow readers to log in to view additional content or only allow readers with logins to access the site.

Readers can be assigned to groups that have access to specified content. All categories and articles can be viewable by all readers or only by specific reader groups, which can be set up under Your Account > Readers.

To create a reader...

1. Go to Your Account > Readers.
   
   
2. Click on Add a Single Reader.
   
   
3. Specify a Login/Username. If you are using admin managed passwords, you will set up a  Password too. If you are using self-administered passwords, the system will automatically send a welcome email with a temporary password. Password types and emails can be customized under Readers > Settings.
   
   
4. (Optional) Assign the reader to the appropriate groups. Click Add Group to create a new group for the reader.
5. Specify your Group Name.
   
   
6. Click Create Group. The new group will be pre-selected as the Reader Group. 
7. Select which Help Sites (knowledge bases) the reader will be able to access.
8. Click Save to create the new reader.

You can create groups to restrict access to content.  

To create groups...

1. Go to Your Account > Readers.
2. Click on Groups.
3. Click on Add Group.
4. Specify the Group Name.
5. Click Create Group.

From this screen you can also...

• Rename a group by clicking on the little wrench icon to the right
• Delete a group using the red x icon, and 
• Reorder the way groups appear in the editor using the up arrow icon.

Your groups will appear in the editor for categories and articles, allowing you to restrict the content to this groups.

Even in public knowledge bases, you can restrict some content so that it is only visible to specific readers. To do so, create a reader group or groups and then restrict the category or individual articles to that group.

How does restricted content work?

Readers must be logged in to see content that is restricted. When content is restricted:

• Only readers who belong to the restricted group(s) will be able to see the content in the Table of Contents
• Only readers who belong to the restricted group(s) will see the content in Search Results
• Readers who do not belong to the restricted group will get a "You don't have access to view this" page if they enter the direct URL for the content

Restrictions can be set:

• At the category level: restrictions set here will automatically cascade to all articles or sub-categories as long as those sub-categories and articles have "None / Inherit" selected.
• At the article level: restrictions set here apply only to the individual article and don't impact other articles or categories in any way 

Restrict access based on Reader Groups

1. If you do not have your reader groups set up, you will need to set them up by following these instructions. 
2. Create a new category or article (or edit an existing one by clicking on the wrench icon to the right of any content) inside Knowledge Base > Articles.
3. In the edit view for the category or article, select the Reader Groups should be able to view this content under Restrict to Groups in the right-hand column:
   
4. Click Save.

If more than one group is selected, does a reader need to belong to all or only one of the groups?

This depends on your knowledge base's settings. Two Reader Group Logic options are supported:

• Inclusive: Readers can see content when they belong to at least one designated group (multiple groups are treated like an "or")
  • Example: An article is restricted to groups "Apples" and "Bananas". The article can be viewed by any reader in groups "Apples" OR "Bananas".
• Exclusive: Readers must belong to all designated groups (multiple groups are treated like an "and")
  • Example: An article is restricted to groups "Apples" and "Bananas". The article can only be viewed by a reader in groups "Apples" AND "Bananas".

By default, all knowledge bases are set to Inclusive Reader Group Logic. You can check or update this by going to Settings > Security and checking the Reader Options section:

When logged into the knowledge base as a user, you will be able to simulate what the site looks like for different groups by click on Change Reader Groups. If you want to actually test the readers, follow these instructions:

1. Go to your knowledge base home page. The URL should end in "/help", "/home", or "/docs".
2. Append "/readerlogout" to the end of the URL. The URL should now end in "/help/readerlogout", "/home/readerlogout", or "/docs/readerlogout"
3. Hit enter (or return) to go to this new URL.
4. Log in to your help site with the reader you wish to test.

1. Go to Settings > Basic.
2. Select the option to "Add a reader login / logout link".
3. Click Save.
4. Click View KB.
5. Click on Login in the top navigation bar to log in as the reader you wish to test.*

*The login button will not automatically appear if the Body HTML under Settings > Style has been modified. The Login and Logout buttons can be added by using the following merge code: [template ("login")]. If you do not wish to add these buttons, you can follow the first set of instructions to Test access based on Reader Roles, which allows you to log in and log out by altering the URL.

1. Go to Your Account > Readers > Settings.
2. Password Management: Choose whether you want to manage reader passwords or have them manage their own. We recommend self-administered passwords because few people have time to deal with forgotten password issues. This is an account-wide setting but can be overwritten on individual knowledge bases for accounts with multiple knowledge bases under Settings > Security.
3. Password Attempts: Choose whether or not you want to allow unlimited password attempts. By default, reader accounts are locked for 20 minutes following 3 unsuccessful attempts.
4. User Logins: Choose whether to allow KnowledgeOwl users to log in as readers (recommended and on by default).
5. Restricted IP Protection: Optionally restrict reader logins to a specific IP address or list of IPs as a form of two-factor authentication (password AND IP address).
6. Case insensitive Logins: If using admin managed passwords, choose whether or not you want the usernames to be case-sensitive.
7. Save.

1. Go to Your Account > Readers > Settings. Make sure "Allow readers to administer their own passwords" is selected for Password Management to be able to see the Self-Administered Reader Options.
2. Password Expiration Interval: Specify at what interval reader passwords will expire, forcing the reader to choose a new password. The options are:
   • Never (default)
   • Every Month
   • Every 2 Months
   • Every 3 Months
   • Every 6 Months
   • Every Year
3. Repeat Password Limitations: Choose whether and how to limit password reuse when resetting passwords. The options are:
   • None (default)
   • Cannot use previous password
   • Cannot use previous 2 passwords
   • Cannot use previous 3 passwords
   • Cannot use previous 4 passwords
   • Cannot use previous 5 passwords
4. Custom Validation Rule: Create your own password validation using RegEx. You can find prewritten validation rules using your favorite search engine. Check out this Regular Expression Libraryfor some examples.
5. Custom Validation Description: This message will be displayed on the password reset screen if you have a custom validation rule. Use it to tell your reader about the rule so they can create a password that works.
6. Auto-assign Group Rules: If you are using group rules to automatically assign your readers to groups, use this setting to ensure that reader groups will update based on the rules each time a reader logs in. This allows you to create new rules and have it automatically applied to existing readers, but it will override any  groups you might have set manually. Do not choose this option if you are manually setting reader groups.
7. Reader Signups: Add a reader signup link to your login page so you reader can sign up own their own. By default, new readers will be added and a welcome email sent with a temporary password. You can optionally choose to require an admin approval before the welcome email is sent, and you can set up notification email to inform you are new reader signups or signup requests.
8. Signup Notification Recipients: Specify which emails or list of emails to send notifications when a new reader signs up or requests access.
9. Save.

Password management for readers can be set up under Your Account > Readers > Settings and allows you to choose how reader passwords are set. There are two options for reader password management:

• Managed Passwords: Passwords can only be managed by KnowledgeOwl admins (default)
• Self-administered Passwords: Allow readers to administer their own passwords by email

Allowing readers to administer their own password also enables reader welcome emails,  password reset emails, and reader signups. Emails are not sent for managed passwords.

Managed passwords

Managed passwords can only be set and reset by a KnowledgeOwl admin (user with reader admin permissions). When using managed passwords, you will need to give the reader his or her username and password through your own system. If the reader forgets his or her password, they will need to contact you to retrieve or reset it. No welcome or password reset emails are sent for managed passwords; all reader communication occurs outside of the KnowledgeOwl application.

When creating readers with managed passwords, you will need to set the password in the Admin Managed Password field when adding a single reader or have a column with the passwords when creating readers from a spreadsheet.

Self-administered passwords

Self-administered passwords are set and reset by reader via email. When using self-administered passwords, readers are sent a welcome email containing a temporary password and will be asked to update their password when they first log in.  

If a reader forgets or wants to reset his or her password, there is a "Reset Password" option on the login page. Clicking "Reset Password" allows a reader send a temporary password to his or her email address to create a new password. For this reason, usernames should be an email address for self-administered passwords to work properly. 

KnowledgeOwl admins can reset self-administered passwords either by sending a new temporary password or manually setting a temporary passwords; readers will be asked to update their password when they use the temporary one.

Reader welcome and password reset emails can be customized under Your Account > Readers > Settings.  Reader emails are account-wide so the same email is sent for all knowledge bases in an account.

When creating readers with self-administered passwords, readers will automatically be sent a welcome email with their temporary password when you add a single reader or create readers from a spreadsheet.  If you do not want the welcome email sent when creating new readers, you can temporarily choose Managed Passwords, create the readers with an admin password, and switch back to Self-Administered Passwords.  The admin password will then be used as a temporary password; readers will be asked to update them when they log in.

Account-wide password management

Reader settings are account-wide so the password management option will apply to all knowledge bases on an account by default. Managed Passwords are the default option for password management. You can switch to self-administered passwords under Your Account > Readers > Settings.

Different password management for different kbs

You can choose to override the default account-wide password management option for individual knowledge bases under Settings > Security. By default, reader passwords will be set to "Use the account wide password management setting (default)". 

You can choose to use the default or override the default for a particular knowledge bases. There are three options:

• Use the account wide password management setting (default)
• Managed Passwords: Passwords  can only be managed by KnowledgeOwl admins
• Self-administered Passwords: Allow readers to administer their own passwords by email

Specifying the type of password management will override the default setting under Your Account > Readers > Settings.

You can allow your readers to sign up for access to your reader login restricted knowledge base. On your login page, this will add a link for those without an account to sign up for access.

Set Up Reader Signups

1. Go to Your Account > Readers > Settings.
2. Make sure that Password Management is set to "Allow readers to administer their own passwords".
   
3. Scroll down to Reader Signups under Self-Administered Reader Options to choose "Allow people to sign up to become a reader".
4. You can also choose to  set up notifications emails if you want to be alerted when new readers sign up. Notifications are especially helpful if you want to manually add the reader to groups to give them access to restricted content or you require approval before the new reader can access the site.
5.  If you want to require approval, choose "Require a KnowledgeOwl admin to approve new reader access" and be sure to set up notification emails so you are alerted when a new reader has requested access.
   
6. Save.

Add custom fields to the reader signup form

By default, the reader signup form requires an email, first name, and last name. You can choose to include up to 5 additional fields that will be mapped to reader custom fields 1-5. 

Reader signup custom fields

To add custom fields to the signup form...

1. Go to Your Account > Readers > Settings.
2. Scroll down to Reader Signup Custom Fields.
3. Add labels and check the box to enable the fields you want to collect. You can also choose to require the field.
4. Save.

The custom fields will be added to your signup and will also be included in your notification emails.

Reader signup form with custom fields

Automatic approval versus admin approval

The default behavior is to send new reader signups a welcome email with a temporary password immediately after they sign up. This allows new readers to sign up and gain access to your site without any approval process. 

You can choose the option to "Require a KnowledgeOwl admin to approve new reader access" to wait to send the welcome email and password pending approval. When a new reader signs up, they are requesting approval for access and will only get access after an admin user  approves them in KnowledgeOwl. 

Approve New Reader Signups

When a new reader sign ups, they will be added to Your Account > Readers in pending approval. You will see an alert on top of the Readers list if you have new readers awaiting approval, and you can filter the readers list to only view those pending approval by searching for "pending".

To approve the reader, click on the blue Pending icon (or edit the reader) and click on the link to "approve them here".

Here you can choose to give them access to the requested knowledge base and sent them the welcome email with a temporary password.

Manually Set Groups versus Auto-Assign Groups By Email Rules

New reader sign ups are not assigned to any reader group by default. Admin users can add new readers to groups manually after receiving a sign up notification or approval request, or you can create Email Groups to automatically assign readers to groups based on their email domain. 

To set up Email Rules...

1. Go to Your Account > Readers > Groups.
2. Click on Add Rule.
3. Set up your rule by specify a name, domain, and what groups the domain should get.
   
4. Click Save Rule. 

Note: Rules will only be applied when a new reader first signs up. To run the rules on  subsequent logins and allow rules to affect existing readers, choose "Override reader groups based on rule logic on each login" under Your Account > Readers  > Settings. 

Note: These rules do not currently apply to readers that come through remote authentication or any of the other SSO options that we offer.

You can create rules to automatically assign readers to groups based on their email domain. 

A common use case is to assign all readers with internal email addresses to an internal reader group. For example, here is rule that assigns all readers with a "knowledgeowl.com" email address to the "Support" reader group, giving them access to  content restricted to the group "Support".

Set up Email Rules

1. Go to Your Account > Readers > Groups.
2. Click on Add Rule.
3. Set up your rule by specify a name, domain, and what groups the domain should get.
   
4. Click Save Rule. 

Note: Rules will only be applied when a new reader first signs up. To run the rules on  subsequent logins and allow rules to affect existing readers, choose "Override reader groups based on rule logic on each login" under Your Account > Readers  > Settings.