In this article:
- Establish Your Category Tree and Experience Portal Category
- Create Groups and Set Permissions
- Assign Users to Groups
- Set Experience Portal Page Visibility
Managing who has access to the content within your Experience Portal happens in two places:
- Your MediaValet DAM – where asset and category permissions live.
- Your Experience Portal – where users experience and engage with content built using those assets and categories.
These two systems don’t share permissions directly, but they work together to ensure each user group sees the right content.
1. Establish Your Category Tree and Experience Portal Category
The DAM determines who can access which assets and categories.
When setting up your category tree, be thinking about your Experience Portal users:
“Which assets should be available to which user groups?”
Your answer guides the creation of DAM Groups, which become the foundation for what the same users can see inside the Experience Portal.
Here are a few sample statements we often hear from customers:
- “I want external vendors to access approved vendor logos and photography.”
- “I want my design team to have the ability to upload assets and manage metadata and categories in my DAM, but not users.”
- “I want general employees to access most categories but only share and download from a few.”
We’ll come back to these examples in a bit.
Tip: We recommend creating a folder within your category tree specifically for your Experience Portal. Because assets can be hosted in more than one category, this will help organize content that should eventually be shared with Experience Portal users without disrupting your larger DAM library.
2. Create Groups and Set Permissions
Groups can be created and managed in your DAM under Settings > Groups. Here, you can view established system groups or create custom groups unique to your Experience Portal.
System groups feature pre-determined permissions and cannot be changed. Custom groups allow administrators to design group permissions from scratch or by using a system group as a template.
When creating a custom group, you’ll determine the group’s actions and access:
- Select View/Edit under Actions. Actions determine what users can do within the DAM. The actions you assign here will apply to all categories this user group has access to. To learn more about what each option means, visit this article.
-
- Select View/Edit under Access. This determines what categories user groups can access. Learn more about category access management here.
Important note: The Experience Portal inherits the DAM permissions, so keep the goals you have for your Experience Portal user in mind as you assign group permissions. For instance, if you don’t want a user group to be able to download a category in your Experience Portal, don’t grant download access to that category in the DAM.
Putting It In Practice
If we take another look at the examples from the previous section, we can apply these different levels of access and action to the groups we want to permission:
| Example | Potential Permission Solution |
|
“I want external vendors to access approved vendor logos and photography.”
|
A custom group like Vendors with access to only the Vendor Logos and Photography categories. |
|
“I want my design team to have the ability to upload assets and manage metadata and categories in my DAM, but not users.”
|
A system group like Library Admins with access to the whole library. |
|
“I want general employees to access most categories.
|
A custom group like General Employees with access to the categories they'll need. |
3. Assign Users to Groups
Once you’ve created the groups relevant to your Experience Portal, it’s time to add users to those groups. Users are managed within your DAM under Settings > Users. Users can either be credentialed users or uncredentialed (external) users.
-
Credentialed (SSO) users: If you haven't already established authorization rules, you’ll need to create the default group(s) for your SSO users. This will be the group(s) the majority of your general users will fall into. Select Authorization Rules from the Users dashboard to create or confirm.
Authorization rules in Users. - External users must be added manually or ingested as a bulk upload and placed into the correct user group. See below for how to set up external users.
Users can only be assigned to one group, but you can make as many groups as you need and users can be reassigned to groups at any time.
How Users Gain Access to Your DAM and Experience Portal:
Standard SSO User
Once SSO and authentication rules are established, when a regular user (non-admin) SSO user signs in for the first time:
- They’ll authenticate through SSO.
- An account will be created for them in the DAM and the Experience Portal.
- They’ll be placed into their assigned DAM Group.
- They’ll receive the User role in the Experience Portal. This means they can view but not manage content.
Note: User roles—what they can do within the site—can be edited within the Experience Portal under Members.
DAM Administrators
When an admin signs in for the first time:
- They’ll authenticate through SSO.
- An account will be created for them in the DAM and the Experience Portal.
- Because of the authentication rules you’ve put into place, they’ll be placed into their administrator level‑DAM Group.
- They’ll receive the Administrator role in the Experience Portal. This means they can manage content.
Note: DAM admins automatically become an Experience Portal admins—no extra setup needed.
External (non-SSO) User
External (non-SSO) users are added to the DAM manually or ingested as a bulk upload and placed into the correct user group. Login credentials will need to be shared by the administrator. To add an external user manually:
- In the DAM, navigate to Settings > Users > Add New User.
- Fill in the required information and select the correct user group.
- Uncheck the two boxes at the bottom of the form and select Add.
An account will be created for them in the DAM and the Experience Portal. They’ll receive the User role in the Experience Portal. This means they can view but not manage content.
-
An administrator can then share the login credentials with the external user:
Experience Portal URL login page: (i.e. https://mediavalet.beambrandcenter.com/login) - User name
- Password
Note: Users must agree to MediaValet’s Terms and Conditions before proceeding.
4. Set Experience Portal Page Visibility
Once you have groups created and users assigned to them, you’re ready to segment content within your Experience Portal.
- Login to your Experience Portal as an Admin.
- Go to the Page Settings for the relevant page through either My Site or the Pages section of the CMS.
- Navigate to the Visibility tab and select the groups that should be able to access the page.
- Select Save Changes when finished.
Note: Pages can be assigned to groups at any point, but those pages only become visible to permissioned users once the page is published.