![[V5.0.2 or later]](../buildfiles/icon_v502.jpg){kind=icon}
Selecting the Portal Delegated User Registry
Select Portal Delegated User Registry in the API Manager UI, to improve the flexibility of user registry and account management in the Developer Portal.
When Portal Delegated User Registry is selected for a Catalog, the user management is delegated
from the management server to the Developer Portal, and new user
accounts can be created in the local Developer Portal database, also
known as the local user registry. However, selecting Portal Delegated User Registry also means that
the following additional user registration methods can be configured in the Developer Portal:
- Third-party authentication provider credentials
- Enabling third-party authentication provider credentials, such as Facebook and Google, reduces the number of authentication credentials that a user of the Developer Portal needs. For more information, see Using third-party authentication provider credentials to access the Developer Portal.
- LDAP user registry
- Configuring LDAP means that the Developer Portal can authenticate users against an existing LDAP user registry. For more information, see Configuring the Developer Portal to use an LDAP user registry. You can also configure a writable LDAP by extending the LDAP configuration, for more information see Tutorial: Configuring writable LDAP in the Developer Portal.
- OpenID Connect
- Enabling OpenID Connect means that the Developer Portal can
authenticate users against Google account credentials by using the OpenID Connect protocol. For more
information, see Using OpenID Connect with Google.
If you want to use a different OpenID Connect client than Google, you need to create a custom module to add the new OpenID Connect provider. See the Drupal documentation for information, The OpenID Connect module.
Note that use of the Generic OpenID Connect client is not supported.
Important:
- If the Portal Delegated User Registry is selected for a Catalog, the Developer Portal REST APIs cannot be used to gain access to the content in that Catalog, and portal analytics is disabled. This restriction is because the user management is delegated to the Developer Portal, and consequently the management server can no longer provide user authentication. You also cannot enable two-factor authentication for the Developer Portal.
- The Portal Delegated User Registry (PDUR) feature is not available in IBM® API Connect Version 2018, as additional user security options are available on the Management server. For a simpler migration process from Version 5 to Version 2018 (when the tooling is available), it is recommended to not use PDUR.
Select the Portal Delegated User Registry in the API Manager UI, by completing the following
steps:
- Click Dashboard in the Navigation pane, then click the Catalog for which you want to enable the use of external authentication provider credentials.
- Click .
- Select the IBM Developer Portal radio button to enable the Developer Portal site.
- Enter the URL of your Developer Portal site.
- In the User Registration and Invitation section, select Portal Delegated User Registry from the User Registry drop-down list. The catalog_name is the name of the Catalog that you are working in and applying the registry settings to.
- Click Save.
- After a few minutes, you receive an email with a link to your Developer Portal site for that Catalog. The link is a single use only link for the administrator account. When the link is active and you have accessed it, you can change the password of this administrator account.
User management is now delegated to your Developer Portal, and user registration will take place in the local Developer Portal database (local user registry). For information about the further configuration options that are available when Portal Delegated User Registry is set, see the following topics.