This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Authentication Providers

1: Daxko Barcode Authentication

2: ReClique SSO Configuration

The authentication options available for gating your content depend on your Customer Management System (CRM). Currently, the following options can be used to control access to content within the Virtual Y website.

Personify

Single Sign-On (SSO)

Requires members to log in using their existing Personify CRM credentials.

Daxko

Single Sign-On (SSO)

Requires members to log in using their existing Daxko CRM credentials.

Note: Daxko API access is required and may incur API usage fees from Daxko. Contact Daxko for details on API access and associated costs.

Barcode Validation

Requires members to enter their barcode. The Virtual Y site validates the barcode against the Daxko system before granting access.

Set up Daxko Barcode Validation.

ReClique

Single Sign-On (SSO)

Requires members to log in using their existing ReClique CORE CRM credentials.

CSV File Uploads

Allows associations to upload a CSV file containing membership information to grant access. Two options are available:

CSV Upload without Email Verification

Upload a CSV file containing member email addresses. The Virtual Y site validates the entered email address against the uploaded list before granting access.

CSV Upload with Email Verification

Upload a CSV file containing member email addresses. The Virtual Y site sends a verification email to the address provided. The member must click the link in the email to gain access.

1 - Daxko Barcode Authentication

Open Y Gated Content (Virtual Y) release 0.13 includes a new authentication provider to support Daxko Virtual Areas. This allows associations using Daxko to set up Virtual Areas that enable members to access Virtual Y content using only their member barcode.

Instructions for setting up Virtual Areas are in Daxko’s documentation. If you need assistance configuring Virtual Areas, Daxko’s support team can assist you with setup: support@daxko.com.

Configuration

Enable Daxko Barcode Virtual YMCA integration.
OPTIONAL (but highly recommended): Configure reCaptcha settings at /admin/config/people/captcha/recaptcha.
Add your validation secret and form URL, and check the help messages at /admin/openy/virtual-ymca/gc-auth-settings/provider/daxkobarcode.
Save your settings.
Set Daxko Barcode as your main authorization plugin in the Virtual YMCA settings: /admin/openy/openy-gc-auth/settings.

Once enabled, the module allows granular configuration of messages that users will receive on the page. You can change “Barcode” to something different, like “Member ID”, and add help text to assist members in finding their ID. It also allows for global help text to direct members to help channels if they’re unable to log in.

The Daxko Barcode configuration form

Once the module is enabled, members will be presented with the appropriately titled field to log in to Virtual Y.

The Virtual Y login page with Daxko Barcode authentication and reCAPCHA enabled

Upon success, the user will be logged in to Virtual Y. Upon failure, the failure state will be returned along with a help message provided by the association.

The Virtual Y login page with an error from a failed authentication

Notes

Members with a Balance Due

Anyone with a balance due in Daxko doesn’t have access to Virtual Y [via Daxko Barcode]. A lot of the accounts with balances are families with memberships who receive state scholarships for child care. The balance in Daxko is the portion the state pays, so it’s a bit of a “fake” balance. Is there any way to allow any ACTIVE member to use [Virtual Y], regardless of whether they have a balance or not?

The fix:

There’s a setting on the Daxko Operations virtual area at Membership > Virtual Area > Virtual Y > Edit that you can check/uncheck for “Block access when balance due.” Unchecking that should let the member access the virtual area.

2 - ReClique SSO Configuration

The ReClique Core API enables check-in access by specifying a member’s email address. The following steps are necessary to fully configure the ReClique Provider for your Virtual Y site.

Acquire ReClique Core API Access

To get started, you will need to perform the following steps in the ReClique CORE portal, while logged in as a YMCA super admin user:

Locate and note your YMCA association’s YMCA ID, known within the ReClique CORE documentation as the “Association Slug”.
Create a separate user for executing the ReClique CORE authentication API and grant this user API-level access.

In Detail:

Log into the ReClique Core portal using a user with the YMCA super administrator role.
Click Profile in the top-right corner of the CORE portal.
The YMCA ID is the non-numeric part of the “Association Slug” in front of the numeric user ID. Note this value for use in the Verification URL. In this example, the text midtn is the association slug value and is needed for the YMCA ID.
Click Users from the navigation menu (Users > Add New User).
Select the + Add User / Staff button.
Create a stand-alone user for the purpose of executing API calls only. A suggested name is virtual_y, but any suitable name can be used.
Assign this user the API Access role by selecting Use Core API in the Other list of role options.

Configure the Virtual Y ReClique Provider

To enable the Virtual Y site to communicate with the ReClique Core API, you’ll need to configure the ReClique provider.

Navigate to the Gated Content Auth Setting Page at Manage > Virtual Y > Virtual YMCA Settings > GC Auth Settings.
The GC Auth Settings page, when loaded, will look like this:
Find the ReClique Provider option and click the Edit Action.

Enter Your ReClique Provider Settings.

The ReClique Provider configuration page allows the specification of permission mappings, settings for accessing the ReClique CORE authentication API, and Email Verification settings.

ReClique Provider Configuration Page

Specify Permission Mappings
This is used for User Segmentation. User Segmentation will allow YMCAs to segment content to particular Virtual Y roles based on membership types. Refer to documentation from the Open Y Community for more information about Setting up user segmentation.

Add ReClique CORE API settings

Add the values needed to connect to the ReClique Core API.

ReClique CORE API Settings

Field	Value
Verification URL	The API endpoint provided by ReClique to verify member logins. It takes the form `https://{Y_ID}.recliquecore.com/api/v1/members/virtual_y/?Email=` (This is the Production verification URL).
Authentication login	The login for the dedicated user created with ‘Use Core API’ access in the ReClique Core portal.
Authentication password	The password for the dedicated user created with ‘Use Core API’ access in the ReClique Core portal.
ID field text	The text to be displayed on the Virtual Y login form. The default value is “Enter your Email:”.

Specify the Email Verification options
This enables a one-time login link to be sent to the member’s email for verification. Here, you can configure the length of time the login link will last before needing to generate another, email verification text, and a message displayed to the member with instructions on how to proceed with logging into the Virtual Y site.
Specify the Verification Message
This is the message the member will see when logging in if they are inactive. The phone number must be added at the very least.
After configuring the ReClique provider, click Save.
From the GC Auth Settings page, ensure only ReClique Provider is selected and click Save.

Your ReClique Provider is now fully configured and ready for use.

To test, log out from the admin portal. You should now see your new login form configured and ready to accept input from the Home Page.

If a valid email address is entered and the member is active, the member will be allowed access to your gated content (videos, blog posts, virtual meetings).