Managing access to your world
Different types of users
There are 4 types of users in WorkAdventure:
Anonymous users
An anonymous user is a user that connects to a map without being authenticated.
Anonymous users are great if you want to grant access to your world to anyone without the need to register. Simply give them the URL of your world and they will be able to join.
Anonymous users cannot access the same features as authenticated users. In particular, they cannot:
- send direct messages to other users using the chat
- open chat rooms (even public ones)
Because anonymous users are not authenticated, they are harder to moderate. WorkAdventure will give you the ability to ban them by IP address, or by ID. A unique ID is tied to their browser session, but clearing the cache will reset that ID. Banning by IP address is more effective but can inadvertently ban other users that would be sharing the same IP (in the case of a shared network office or VPN).
Allowing / forbidding anonymous users
In the left sidebar, click the Authentication menu item. From this page, you can enable or disable the access to anonymous users.
The Mandatory authentication option allows you to force users to authenticate before entering your world. Checking this box will prevent any anonymous user from entering your world.
When enabled, users will be redirected to the login page when they try to access your world.
Please note that they could still access your world if you allow them to self-register (see the visitors section below).
Visitors
A visitor is a user who self-registers an account in your world. Registration is done from the login page, using the "Register" button.
Visitors can also register using the social login buttons of the login page (LinkedIn, Google, GitHub, etc.).
Unlike anonymous users, visitors can access the chat features of WorkAdventure. The can:
- send direct messages to other users using the chat
- open and participate in chat rooms (provided the chat room is public)
Visitors are easier to moderate than anonymous users. They are authenticated, so you can ban them by their ID.
Because visitors are self-registered, nothing can stop a user from creating many accounts with many email addresses. As an administrator, you cannot be sure of the identity of a visitor.
Visitors do not have tags. They are all equal in terms of rights and access to rooms. If you want to grant special rights to a visitor, you should make them a member.
Can I access the list of visitors?
Not right now. The list of visitors is not yet available in the dashboard. When we make it available, we will first ask you to describe your use case for visitors data (what you are going to use it for). This is mandatory to comply with the GDPR.
Allowing / forbidding visitors
From within the Authentication page, you can enable or disable the access to visitors.
The Allow self-registration option will open or close the possibility for visitor to register themselves.
Members
A member is a user that was added to your world by an administrator. The administrator can grant members various tags, which can be used to give special rights to members, or access to special restricted rooms.
Members are the most controlled type of user. They are added by an administrator, so you can be sure of their identity.
Members are attached to worlds. Each world has a different set of members.
Members can have special "tags". Tags are used to give special right to members - like the ability to connect to some room, the right to moderate a meeting room, or the right to send a global message to anyone.
Dashboard administrators
The administrator can manage worlds, members and rooms.
An administrator has access to one organization. An organization can have multiple worlds.
By default, the person who created the organization is the administrator.
Granting administrator privileges
An administrator can decide to upgrade any member to an administrator.
To upgrade a member to an administrator, go to the member's edition page, and check the "Provide owner access to this member" box.
