Restrict Access to Your Entire Site
You can restrict your entire site to logged in users only. If this feature is enabled, only registered and logged in visitors see the contents of your site. You can configure the site to redirect unauthenticated visitors to a login page with a link to a registration form. You can also restrict access to only those users that have been granted access by the Site Administrator. This flow is particularly useful in a B2B scenario where the organization wants to provide partners or customers with login credentials.
The CXM API is public and contains all the information exposed by the fieldset being used. Enabling password protection restricts users from accessing some or all of your site. However, a user who knows a URL that calls this API could access some of this information.
If your site uses a pre-Vinson version of SuiteCommerce Advanced, use the second of the following setup procedures.
To set up NetSuite:
-
In NetSuite, go to Commerce > Websites > Website List.
-
Click Edit next to the website to which you want to restrict access.
-
Go to the Shopping tab.
-
Check the Password-protect Entire Site box.
-
Set the Customer Registration Is field to one of the following:
-
Existing Customers Only - this restricts the site to customers who have login access to complete the checkout process. This option is only available with the Advanced Site Customization feature.
-
Required – this restricts the site to registered customers. New customers must register to be able to access the site. With this option, a record is created in NetSuite with contact information even if the shopper does not complete checkout.
For more information about customer registration, see Configure Site Registration. Note that the “optional” and “disabled” site registration options are not available if the site is password protected.
-
To set up NetSuite (pre-Vinson SCA):
-
In NetSuite, go to Commerce > Websites > Website List.
-
Click Edit next to the website to which you want to restrict access.
-
Go to the Shopping tab.
-
Set the Customer Registration Is field to one of the following:
-
Existing Customers Only - this restricts the site to customers who have login access to complete the checkout process. This option is only available with the Advanced Site Customization feature.
-
Required – this restricts the site to registered customers. New customers must register to be able to access the site. With this option, a record is created in NetSuite with contact information even if the shopper does not complete checkout.
Important:If this field is set to Disabled or Optional, this feature will not work.
For more information about customer registration, see Configure Site Registration.
-
-
Create a custom module that includes the backend Configuration object as a dependency. See Configure Properties for details.
Note:Do not edit the original Configuration.js source file directly. See Develop Your SCA Customization for information and best practices on customizing JavaScript.
-
Redefine the
passwordProtectedSiteproperty in the custom module to true. -
Save and deploy to your site.
Known Limitations
Before restricting access to your Commerce website, be aware of the following information:
-
When a user clicks on an item’s Quick View link after their session has ended, Commerce web stores redirect the user to the Checkout page instead of a Login page. The user cannot access the site, however, without logging in.
-
If a user changes the language after logging in to a password-protected site, the application recognizes the new domain and redirects the user to log in again.
-
Enabling password protection restricts users from accessing some or all of your site. However, a user who knows a URL that calls the CXM API could access some of this information.