Restricting Website Content with SSO (NetID Login)
Single Sign-On (SSO) allows you to restrict access to specific areas of your website so that only users with a valid Stony Brook NetID can view the content. Instead of being publicly accessible, these pages require authentication before loading, effectively placing them behind a login wall.
How It Works
SSO protection is applied at the folder level within Modern Campus CMS. Any page or file placed inside a protected folder will automatically require a NetID login to access, so content must be organized into clearly defined folders before it can be restricted. Access settings are not applied per page, but rather to entire directories managed by the Web Services team.
How to Request SSO Protection
To enable SSO, submit a request to the Web Services team specifying which folder or folders should be restricted. Once applied, all existing and future content within those folders will inherit the login requirement. Planning your folder structure in advance is critical, as reorganizing content later can be time-consuming.
When to Use SSO
SSO is best used for content intended for internal or limited audiences. Common use cases include internal resources for faculty and staff, student-only materials, committee or governance documents, and content that should not be publicly distributed. It is not intended for general website content or anything meant to support recruitment, marketing, or public visibility.
SSO provides controlled access, ensuring only authenticated users can view sensitive or internal information. It simplifies permissions by applying rules at the folder level and reduces the risk of unintended public exposure. However, there are tradeoffs. Content behind SSO cannot be indexed by search engines, meaning it will not appear in Google or other search results. It also cannot be accessed by users without a NetID, including external partners or prospective students.
Accessibility Requirements
Placing content behind SSO does not change accessibility obligations. All protected content must still meet Title II and WCAG 2.2 AA standards. This includes proper heading structure, alt text for images, accessible documents, and overall usability. Restricted access does not exempt content from compliance requirements.
Best Practices
- Organize content into logical folders before requesting SSO so restrictions can be applied cleanly and consistently.
- Limit SSO use to content that truly requires restricted access, and avoid placing broadly useful information behind login barriers.
- Keep folder structures simple and intuitive to reduce maintenance overhead.
- Review content regularly to confirm it still requires restricted access and remains compliant with accessibility standards.
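The folder-level rule under How It Works and the first best practice can be checked against a content inventory before a request is submitted. The Python below is an added example, not code from this page or from Modern Campus CMS: it flags internal content that would sit outside the protected folders and public content that would end up behind the login. The folder names, page paths and the "internal"/"public" audience labels are constructed assumptions.

```python
from posixpath import normpath

# Constructed sample data: hypothetical folders and pages, not real site paths.
PROTECTED_FOLDERS = ["/hr/internal", "/committees"]

SITE_INVENTORY = [
    ("/hr/internal/benefits-guide.html", "internal"),
    # Sibling folder with a similar name: NOT inside /hr/internal.
    ("/hr/internal-forms/leave-request.pdf", "internal"),
    ("/hr/index.html", "public"),
    ("/committees/senate/minutes-2024.pdf", "internal"),
    ("/committees/join-us.html", "public"),
    ("/admissions/visit.html", "public"),
]


def is_protected(path, protected_folders):
    """True if path lies inside a protected folder, matching whole path segments."""
    clean = normpath("/" + path.lstrip("/"))  # collapses "..", "." and "//"
    for folder in protected_folders:
        root = normpath("/" + folder.strip("/"))
        # Compare on a segment boundary so /hr/internal-forms does not
        # count as being inside /hr/internal.
        if clean == root or clean.startswith(root + "/"):
            return True
    return False


def audit(inventory, protected_folders):
    """Return (exposed, hidden): internal pages left public, public pages locked."""
    exposed, hidden = [], []
    for path, audience in inventory:
        protected = is_protected(path, protected_folders)
        if audience == "internal" and not protected:
            exposed.append(path)   # would remain publicly reachable
        elif audience == "public" and protected:
            hidden.append(path)    # would need a NetID and drop out of search
    return exposed, hidden


if __name__ == "__main__":
    exposed, hidden = audit(SITE_INVENTORY, PROTECTED_FOLDERS)
    for path in exposed:
        print("EXPOSED (move into a protected folder):", path)
    for path in hidden:
        print("HIDDEN (move out of the protected folder):", path)
```

This models only the folder plan. The login requirement itself is applied by the Web Services team.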