Setting Up Experience Portal User Groups, Roles, and Permissions

In this article:

  1. Establish Your Category Tree and Experience Portal Category 
  2. Create Groups and Set Permissions 
  3. Assign Experience Portal Roles to Groups
  4. Assign Users to Groups
  5. Set Experience Portal Page Visibility

Managing who has access to the content within your Experience Portal happens in two places:

  1. Your MediaValet DAM – where asset and category permissions live.
  2. Your Experience Portal – where users experience and engage with content built using those assets and categories.

These two systems don’t share permissions directly, but they work together. Follow the steps below to ensure each user group sees the right content. 
 


1. Establish Your Category Tree and Experience Portal Category

The DAM determines who can access which assets and categories
When setting up your category tree, be thinking about your Experience Portal users:

“Which assets should be available to which user groups?”

Your answer guides the creation of DAM Groups, which become the foundation for what the same users can see inside the Experience Portal. 

Here are a few sample statements we often hear from customers:

  • “I want external vendors to access approved vendor logos and photography.”  
  • “I want my design team to have the ability to upload assets and manage metadata and categories in my DAM, but not users.”  
  • “I want general employees to access most categories but only share and download from a few.” 

We’ll come back to these examples in a bit.

Fig 1.png

Tip: We recommend creating a folder within your category tree specifically for your Experience Portal. Because assets can be hosted in more than one category, this will help organize content that should eventually be shared with Experience Portal users without disrupting your larger DAM library.

 

 


2. Create Groups and Set Permissions

Groups can be created and managed in your DAM under Settings > Groups. Here, you can view established system groups or create custom groups unique to your Experience Portal. 

System groups feature pre-determined permissions and cannot be changed. Custom groups allow administrators to design group permissions from scratch or by using a system group as a template. 

When creating a custom group, you’ll determine the group’s actions and access:

  • Select View/Edit under Actions. Actions determine what users can do within the DAM. The actions you assign here will apply to all categories this user group has access to. To learn more about what each option means, visit this article.
  • Screenshot 2026-03-05 at 1.21.55 PM.png

     

  • Select View/Edit under Access. This determines what categories user groups can access. Learn more about category access management here. 
  • Screenshot 2026-03-05 at 1.18.41 PM.png

Important note: The Experience Portal inherits the DAM permissions, so keep the goals you have for your Experience Portal user in mind as you assign group permissions. For instance, if you don’t want a user group to be able to download a category in your Experience Portal, don’t grant download access to that category in the DAM. 

 

Putting It In Practice

If we take another look at the examples from the previous section, we can apply these different levels of access and action to the groups we want to permission:

Example Potential Permission Solution

“I want external vendors to access approved vendor logos and photography.”

 

A custom group like Vendors with access to only the Vendor Logos and Photography categories.

“I want my design team to have the ability to upload assets and manage metadata and categories in my DAM, but not users.”

 

A system group like Library Admins with access to the whole library. 

“I want general employees to access most categories.

 

A custom group like General Employees with access to the categories they'll need.

3. Assign Experience Portal Roles to Groups

Once your groups are set up, you can control what each group can do inside each Experience Portal by assigning them a role. Roles are managed in the DAM and are assigned per group. Learn more about what roles can do here.

Role What they can do
Administrator Full control of the portal and access to the CMS: create, edit, and delete pages; manage menus, forms, users, and settings.
Editor Can access the CMS. Can create and edit pages within their assigned page user group. Cannot manage menus, forms, users, or settings.
User Can view pages they are permissioned to see, but cannot create or edit content or access the CMS. Can download or share assets as determined in the DAM.

To assign roles:

  1. As an administrator, in the DAM, go to Portals and select the Experience Portals tab.
  2. Find the portal you want to configure and click Manage Portal Access.
  3. For each DAM group listed, select a role from the dropdown: Administrator, Editor, or User.
  4. Click Save. Changes apply immediately.

Note: Role assignments are per portal — the same group can have different roles on different Experience Portals.

Screenshot 2026-07-09 at 11.45.02 AM.png
Assigning roles to user groups within the DAM.

4. Assign Users to Groups

Once you’ve created the groups and roles relevant to your Experience Portal, it’s time to add users to those groups. Users are managed within your DAM under Settings > Users. Users can either be credentialed users or uncredentialed (external) users. 

  • Credentialed (SSO) users: If you haven't already established authorization rules, you’ll need to create the default group(s) for your SSO users. This will be the group(s) the majority of your general users will fall into. Select Authorization Rules from the Users dashboard to create or confirm.

    Screenshot 2026-03-10 at 12.19.15 PM.png
    Authorization rules in Users.

     

  • External users must be added manually or ingested as a bulk upload and placed into the correct user group. See below for how to set up external users.

Users can only be assigned to one group, but you can make as many groups as you need and users can be reassigned to groups at any time.


Initial Experience Portal Access:

Standard SSO User

Once SSO and authentication rules are established, when a regular user (non-admin) SSO user signs in for the first time:

  1. They’ll authenticate through SSO.
  2. An account will be created for them in the DAM and the Experience Portal.
  3. They’ll be placed into their assigned group and role with the correct level of Experience Portal access.
DAM Administrators 

When an admin signs in for the first time:

  1. They’ll authenticate through SSO.
  2. An account will be created for them in the DAM and the Experience Portal.
  3. Because of the authentication rules you’ve put into place, they’ll be placed into their administrator-level group.
  4. They’ll receive the Administrator role in the Experience Portal. This means they can manage content.

Note: DAM admins automatically become an Experience Portal admins—no extra setup needed. 

 
External (non-SSO) User

External (non-SSO) users can request access to an Experience Portal by clicking on the "Request Access" link on the Experience Portal's login page and filling out a short form. Experience Portal admins will be able to review and approve or deny the request directly within the portal and assign the user to a group. If approved, the external user will receive an email to create a password and a link to access the Experience Portal. 

Note: Users must agree to MediaValet’s Terms and Conditions for the request to submit successfully. 

Screenshot 2026-07-08 at 9.38.02 AM.png
Requesting an Experience Portal account as an external user.

5. Set Experience Portal Page Visibility 

Once you have groups created and roles assigned, you’re ready to segment content within your Experience Portal. 

  1. Login to your Experience Portal as an Admin.
  2. Go to the Page Settings for the relevant page through either My Site or the Pages section of the CMS. 
  3. Navigate to the Visibility tab and select the groups that should be able to access the page. 
  4. Select Save Changes when finished.
Fig. 8.png
Assigning page visibility in the Experience Portal.

 

Note: Pages can be assigned to groups at any point, but those pages only become visible to permissioned users once the page is published. 

To block a group from accessing a portal entirely: Unselect that group from the homepage's Visibility tab. Because all other pages in the portal sit under the homepage, removing a group's access to Home effectively prevents them from accessing the entire portal.

Was this article helpful?
0 out of 0 found this helpful