Create and edit a security domain

Last updated Friday, February 26, 2016 in Sitecore Experience Platform for Administrator
Keywords: Security

You can create extra domains, for example, for the website of another company or a subsidiary. This is a task for a security architect.

This topic outlines how to:

Create a domain

To create a domain:

  1. Log in to Sitecore, and on the Launchpad, click Domain Manager.

    cms_LaunchPad_DomainManager

  2. In the Domain Manager, in the Domains group, click New.

    cms_all_DomainManagerWindow

  3. In the New Domain dialog box, enter the name of the domain and, if you want the domain to be managed locally, select the Locally Managed Domain check box.
  4. Click OK. This adds the new domain to the /App_Config/Security/Domains.config file. For details on how to configure the new domain, see the comments in that file.

    Note

    In a multi-server setup, you must manually add the new security domain to the Domains.config file on each server.

Assign security accounts to a domain

Because a domain is also a security construct, it must contain users and roles before it has any meaning. You can only assign security accounts to a domain when you create a new user in the User Manager or create a new role in the Role Manager. You cannot change the domain of an existing account.

Note

A security account can only be assigned to one domain. If, for example, a user needs to access multiple domains, you must create separate roles for each domain that they need to access and make the user a member of all the relevant roles.

Edit a domain

When you edit a domain, the only setting you can change is whether the domain should be a locally managed domain.

Note

In a locally managed domain, the users and roles are domain specific and the users can only see the items in the domain that they belong to and not the other domains in the system.

To edit a domain:

  1. Open the Domain Manager and click the domain that you want to edit.
  2. In the Domains group, click Edit.
  3. In the Edit Domain dialog box, select or clear the Locally Managed Domain check box.

Delete a domain

If you no longer need a domain, you can delete it.

Important

When you delete a domain, the security accounts that belong to the domain are not deleted. To make sure that you do not have accounts that cannot be used, you should either delete the users or roles or make sure that they are members of another role that belongs to a domain.

To delete a domain:

  1. Open the Domain Manager and click the domain you want to delete.
  2. In the Domains group, click Delete.