Enable Channel Authentication within the Channel Manager
Configure the Channel Manager to authenticate CMS user previewing protected channels or pages.
Through authorization configuration in the repository you can force authentication for visitors accessing a channel or some specific sitemap item for a channel.
For CMS users previewing a channel in the Channel Manager, authentication is bypassed by default so they can freely browse the entire channel. However, it is possible to configure the Channel Manager to authenticate CMS users previewing a proteced channel or page.
The node /hst:hst/hst:hosts provides a boolean property hst:channelmanagersiteauthenticationskipped.
The default value for hst:channelmanagersiteauthenticationskipped is true, which means that CMS users authorized to preview a channel never have to authenticate within the preview channel.
To force authentication of CMS users previewing protected channels or pages in the Channel Manager, set the hst:channelmanagersiteauthenticationskipped to false:
/hst:hst: /hst:hosts: hst:channelmanagersiteauthenticationskipped: false