Recruitment Marketing Public

Security Groups are used to restrict content to specified network addresses and ranges. Once defined, they can be applied at the campaign level or to specific pages within a campaign. This is useful for creating internal-only career sites where access must be restricted to a certain IP address or a specific range of IP addresses. This ensures that only users whose IP addresses are registered within the system are permitted access to the portal. In cases where users have hybrid roles, VPNs may be utilized to facilitate access from remote locations.

Security groups can be accessed via Company Settings, then Security groups.

Creating a security group

1. From the side menu, under Company, click Settings.
2. Under Security, click Security groups.
3. Click Manage Security Groups.
4. Click the New button.
5. Enter a Name.
6. Click the Save button.
   The new security group will be displayed in the Security Groups list.
   

You now need to add network rules to the group.

Creating security rules

1. Click the new security group Name. This will list all the rules of the group (none at present).
2. Click the New button.
3. Insert a valid CIDR address or network range.
   For more information on the CIDR format, refer to Classless Inter-Domain Routing.
   If you are unsure of the correct CIDR rules for your own network environment or business case, contact your local internal network administrator. IPV4 and IPV6 CIDRs are accepted.
4. Click the Save button.
   The new rule will be displayed in the listing.
5. Add more rules as required to a security group. The rules can overlap with other rules in any other security groups you may have defined.

Using security groups

Once your security groups are defined, they can be applied at a campaign level. By default, all published content on a campaign is publicly visible.

To restrict the content of a campaign to a security group:

1. From the side menu, under Content, click Web Pages.
2. Search for and click the Name of the relevant campaign.
3. Click Edit (pen icon) in the top right of the page.
4. Complete the following:
   1. Chatbot Active: Select this option if you would like to apply the Chatbot to all pages in the campaign.
   2. Security Group: Select the relevant group.
   3. Restrict to SAML2 authenticated internal candidates: Select if relevant.
   4. Allow iframes: Select this option to determine whether to allow the campaign content to be embedded.
5. Click the Save button to keep the settings.

All published content is now restricted to the selected security group. Any users outside the security group's network rules will be presented with an HTTP 403 error page, indicating that they are forbidden from viewing or interacting with the content.

Using security groups with search engines

Occasionally, there is a customer request to create a page that is publicly accessible but not automatically crawled by search engine bots.

Any page belonging to a security group enabled web campaign will be excluded from a career site's sitemap.xml endpoint and will have a robots meta tag added to it. Well-behaved search engines look at a site's sitemap.xml to learn about all of its pages. It will search for the robot's meta tag to see if it should index the page or follow links on it. To prevent search engines from doing this:

1. Create a security group with one CIDR with a value of 0.0.0.0/0. This is a special case CIDR, which indicates that anyone can view the page.
2. Edit the page's web campaign and set the security group.

3. Visit the career site's sitemap.xml, e.g., https://careers.<yoursite>.com/sitemap.xml and observe that the page is not listed. The following meta tag is added to the top of the page:

   <meta name="robots" content="noindex,nofollow">