The JWT reader accounts can be associated with any existing reader groups on the Document360 project, and the group restrictions can be applied to access specific content in the knowledge base. The JWT reader group is the same as a regular Document360 reader group with the same restriction settings.
What are reader groups in Document360?
Reader groups function as assignable permissions that limit what a user can read or view on any private knowledge base. Readers are required to log in with their credentials to access any private knowledge base on Document360.
For example, The sales team requires access to the pricing and billing articles, but they do not need access to the API or any other core technical articles. To address this requirement, a reader group can be created in the Document360 private project with access limited to the pricing category, and then the sales team member can be assigned to that reader group.
Reader Group IDs
For JWT SSO-enabled projects, users can view and obtain Group Id from Settings → Users and Security → Readers & groups → Reader groups tab.
The Group ID would be available below each reader group, and the copy icon would be at the right. Copy the required Group ID and configure it on your Payload.
The reader Group Id would only be available for JWT-configured projects and not regular private knowledge base projects.
Enabling JWT reader groups
- Obtain and copy the Reader Group Id by following the steps mentioned in the above section (Reader Group Ids)
- You can follow the below-mentioned JSON format and configure the relevant reader Group IDs
"username" = "firstname + lastname",
"firstName" = "firstname",
"lastName" = "lastname",
"emailId" = "user emailId",
"readerGroupIds": ["26b3812e-7879-4407-b1c9-5755c32b886a", "674eadcd-793f-4131-b1e0-c1f055cc83b7"],
"tokenValidity": 15 //minutes
- Paste the copied Reader Group ID in the ReaderGroupIds field like in the example shown above
- You can also add multiple Reader Group IDs using the comma (,) separation
"readerGroupIds": ["26b3812e-7879-4407-b1c9-5755c32b886a", "674eadcd-793f-4131-b1e0-c1f055cc83b7"]
- The token validity (in minutes) for the JWT reader can also be set
Add/Remove Group Ids in the Payload configuration
If a user adds or deletes a Group ID from the existing configuration on the Payload, this change passes only after the current session (token validity) is completed.
For example, Let's say the token validity is set at 30 minutes, and the user adds a new Group ID in the Payload using a comma (,) separation. This change would be amended only after the current session (30 minutes) is complete. The same applies if a Group ID is removed from an existing configuration.
When the JWT reader in the group authenticates and accesses the private knowledge base, the existing reader group restriction would be applicable, and the reader can only access the permitted project version, language, category, or articles.