By default, users who don't have an account or who aren't logged in to your Higher Logic Vanilla (Vanilla) community can still view content (but not participate).
If your organization would like to implement additional security to prevent these users from browsing your Vanilla community entirely, the Private Communities feature is exactly what you're looking for.
Private Communities comparison: ON vs. OFF
- Private Communities OFF - Users who don't have an account or who aren't logged in can browse your Vanilla community but can only view content.
- Private Communities ON - Users who don't have an account or who aren't logged in can't even view content; instead, they are redirected to the login page (where they can also register if they don't have an account). Essentially, Private Communities mode makes your Vanilla community a "members only" space.
Enable Private Communities
- Access the Dashboard.
- Navigate to Settings > Membership > Roles & Permissions.
- Click the Advanced Settings button.
- In the resulting dialog, enable the Enable Private Communities option.
- Click Save to apply the update.
Registration methods in a private community work the same as a "public" community. Organizations with private communities should consider the following:
- If your registration method is set to Basic, the intended privacy is compromised due to the open registration policy. With Basic registration, users fill out a simple form and are granted access immediately, with no admin approval required. This ease of obtaining an account defeats the purpose of a private community.
- The best practice for private communities is to use a less permissive registration method, like Approval or Invitation. This ensures a greater degree of control over who is able to register, and therefore upholds the integrity of your private community.
To learn more about our four registration methods, check out the article below.
The Private Communities feature was created to offer an increased level of privacy for organizations and users alike. However, it is not an "air tight" solution: Depending on other site configuration settings, it may be possible for some information to leak. For example, user information is particularly vulnerable to discovery during open registration, due to necessary availability checks for usernames and email addresses.