Authorizing by UW Group ID

Last updated: January 12, 2023
Audience: All UW

Follow these step-by-step instructions to password-protect your website so that only members of a predefined group in the UW Groups Service can get in. Here is the IT Connect page with information about the UW Groups Service.

Note: Groups with membership viewing restrictions will not work in .htaccess files, because the Web servers will not have permission to view the membership of the group. If you want to use groups with restricted memberships for website authorization, you need to add the UW Web servers to your group’s list of membership viewers. You can email help@uw.edu for the current identifiers for those servers.

To provide access to members of a group by referencing its UW Group ID:

  1. If you have not already created a group with the proper membership, use the Groups Web Service to create a group containing the members you want to allow access to your site. If you do not have any groups yet, you should be able to start by creating groups with IDs like the following:

    u_uwnetid_purpose

    In this group ID, uwnetid is your UW NetID. The group ID “u_uwnetid” is your home group stem. You have default permissions to create groups beginning with your home group stem. The purpose component of the group ID is specific to the purpose of this group. Subgroups like u_uwnetid_purpose_specific can be created for more specific groups below the original u_uwnetid_purpose group.

  2. Log in to your web development server using a terminal emulator. If you’re not sure how to do this, click here for instructions.
  3. At the prompt, enter the following command to change directories to your Web directory:

    cd public_html

    If you want to protect a subdirectory rather than your whole website, change directories to the subdirectory you want to protect. For example:

    cd private

  4. At the prompt, enter the following command to create a .htaccess file in the current working directory:

    pico .htaccess

  5. If hosted on ovid (depts, staff, faculty, or courses), then add the following text to this file:

    AuthType Shibboleth
    ShibCompatWith24 on
    ShibRequireAll on
    ShibRequireSession on
    require shib-attr isMemberOf urn:mace:washington.edu:groups:u_netid_myteam

    Substitute u_netid_myteam with the UW Group ID you want to reference for access control.

  6. Optional – If two-factor authentication (2FA) is desired on depts, staff, faculty, or courses, then add the following text to this file instead:

    AuthType Shibboleth
    ShibRequestSetting requireSession true
    ShibRequestSetting redirectToSSL 443
    ShibRequestSetting applicationId 2fa
    ShibRequireAll on
    ShibCompatWith24 on
    require authnContextClassRef https://refeds.org/profile/mfa
    require shib-attr isMemberOf urn:mace:washington.edu:groups:u_netid_myteam

    Substitute u_netid_myteam with the UW Group ID you want to reference for access control.

  7. Save and close the file using Pico. (Click for instructions on how to use Pico).
  8. You’re done! Confirm that password protection is working by having someone in the referenced group open your website with a Web browser.
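
Before asking a group member to test in step 8, the file itself can be checked against the directives listed in steps 5 and 6. The following shell function is an added example, not part of the original instructions or any UW tooling; the names check_htaccess and normalize are hypothetical, and lines are compared as printed above, ignoring only spacing.

```shell
#!/bin/sh
# Added example: checks a .htaccess file against the directives printed in
# step 5 (default) or step 6 (mode "2fa"). Function names are hypothetical.
# Lines are compared exactly as printed on the page, ignoring only spacing.
URN_PREFIX='urn:mace:washington.edu:groups:'

normalize() {
    # Squeeze runs of whitespace and trim each line so layout does not matter.
    sed -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' "$1"
}

check_htaccess() {
    file=$1 mode=${2:-basic} problems=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    if [ "$mode" = 2fa ]; then
        required='AuthType Shibboleth
ShibRequestSetting requireSession true
ShibRequestSetting redirectToSSL 443
ShibRequestSetting applicationId 2fa
ShibRequireAll on
ShibCompatWith24 on
require authnContextClassRef https://refeds.org/profile/mfa'
    else
        required='AuthType Shibboleth
ShibCompatWith24 on
ShibRequireAll on
ShibRequireSession on'
    fi
    body=$(normalize "$file")
    # Report every required directive that is absent from the file.
    while IFS= read -r want; do
        printf '%s\n' "$body" | grep -Fxq -- "$want" ||
            { echo "missing: $want"; problems=$((problems + 1)); }
    done <<EOF
$required
EOF
    # Collect the group IDs named in "require shib-attr isMemberOf" lines.
    ids=$(printf '%s\n' "$body" |
        sed -n "s/^require shib-attr isMemberOf ${URN_PREFIX}//p")
    if [ -z "$ids" ]; then
        echo "missing: require shib-attr isMemberOf ${URN_PREFIX}<group id>"
        problems=$((problems + 1))
    elif printf '%s\n' "$ids" | grep -Fxq u_netid_myteam; then
        echo "placeholder u_netid_myteam was not replaced"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Run check_htaccess .htaccess for the step 5 text or check_htaccess .htaccess 2fa for the step 6 text; it prints one line per problem and returns 0 when it finds none.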