User Access Lifecycle Management: Access based on employment?

[italynstylion]

Weird thread title I know....sorry for being vague

Basically, what I'm trying to do is make a vBulletin site where employees from two companies have access to register for the forum. Essentially, the forum will have somewhat confidential information inside of it and I want to limit access based on current employment by either of the two companies. This way, in the event someone leaves the company or gets fired they will no longer have access to the forum. I'll have access to two different employee databases (one per company) and I'm envisioning some sort of vBulletin utility that checks these databases for a user. If they exist then they get in.

Any tips or ideas for how to do this?

[Elixar]

I would say that you would need a modification created for this. Try posting a request here.

[italynstylion]

I've crafted a solution for this (described below) that seems to work quite well. More testing is needed but preliminary testing yields the desired results.

Here's how you you set it up.

(Step 1)
Setup your forum so that only registered users can view it.

(Step 2)
Configure "user registration options" such that new users who register will receive an email with a registration confirmation link that they MUST click to activate their account. This ensures that bogus emails can't be used.

(Step 3)
ForumsMods designed a vbulletin mod that allows only certain email address domains to be used for registration. For example, @GMAIL.com would allow all Gmail addresses to be used. But if I didn't explicitly state @HOTMAIL.com then all users trying to use a hotmail account (or anything else) would be denied registration. I've personally installed this mod on VB 4.2.2 and it works like a charm! So the first step to achieving role based access (based on employment status) would be to use this mod to define email domains for your company or companies. This assumes that your company already has a means for deactivating past employee email accounts.
(mod link)--> https://vborg.vbsupport.ru/showthread.php?t=188418

(Step 4)
Dragonbyte Tech has blessed us all with a great security mod for vbulletin that increases security in many different ways. The features list is quite long but the main feature we are interested in is the "universal password reset" function. This allows an administrator to reset everyone's password except yours (the admin). This feature is actually available in the Lite version. Install the mod so you can gain this very important feature.
(mod link)--> http://www.dragonbyte-tech.com/product/123-vbsecurity/?

(Step 5)
Now that you have the VB Security mod installed go to your admin panel under Dragonbyte VB Security and change the options for "Security Watchers: User Data". This configuration gives you the ability to have the mod log changes to user profile fields and perform certain actions should a criteria be met.
Setup a rule that states if a user changes their email address the forum will automatically send the admin an email and the user will be banned. Since email addresses don't change while an employee is employed this will alert you to someone trying to retain access following employment termination.

(Step 6)
Set a calendar reminder to reset all passwords after a specified time. I'm choosing every 90 days as that will likely be sufficient for my needs. When the password is reset all users will get an email stating their password was reset. This email will include their user name and a temporary, randomly generated password. The email even includes a direct link for them to reset the password. I'm choosing to let my users use their old password so I don't piss them off
What's important here is that if the user no longer has access to the email address associated with their account they will NOT be able to reset their password and therefore will not have access to the forum.



And that's it! Now you have a way of ensuring your entire forum is locked down to ONLY users who have company email access. Enjoy!