Configuring a Local User Registry

A Local User Registry (LUR) can be configured to provide user authentication for both Cloud Manager and API Manager.

About this task

Local User Registries (LURs) are the default user registries included in API Connect. LURs are local databases included with API Connect. Two default LURs are installed and configured during installation of API Connect. They cannot be deleted. The default Admin user account is stored in the Provider LUR.

You can create and configure a new LUR. After you create it, you must set it as active in Settings > User Registries. See Selecting user registries for Cloud Manager and API Manager.

One of the following roles is required to configure user registries:

  • Administrator
  • Owner
  • Topology Administrator
  • Custom role with the Settings: Manage permissions

Procedure

Follow these steps to configure a new LUR:

  1. In the Cloud Manager, click Resources.
  2. Click Create in the User Registries section.
    Important: Do not share user registries between the API Manager and the Developer Portal, or between Developer Portal sites when self-service onboarding is enabled or account deletions in any of the sites are expected. You should create separate user registries for them, even if the separate registries point to the same backend authentication provider (for example, an LDAP server). This separation enables the Developer Portal to maintain unique email addresses across the Catalog, without API Manager needing the same requirement. It also avoids problems with users deleting their accounts from the Developer Portal, which then affects their API Manager access.
  3. Select Local User Registry as the type for the user registry and enter the following information:
    Field: Description

      • Title (required): Enter a descriptive name for use on the screen.
      • Name (required): The name that is used in CLI commands. The name is auto-generated. For details of the CLI commands for managing user registries, see apic user-registries.
      • Display Name (required): The name that is displayed for selection by the user when logging in to a user interface, or activating their API Manager account.
        For details of user interface log in, and account activation, see Accessing the Cloud Manager user interface, Accessing the API Manager user interface, and Activating your API Manager user account.
        Note: The Developer Portal uses the Title of the User Registries when rendering them at the login page, rather than the Display Name.
      • Summary (optional): Enter a brief description.
      • Case sensitive: Select this setting if user names are case-sensitive.
        Note: The Developer Portal does not support case sensitive usernames.
        Note: After at least one user has been onboarded into the registry, you cannot change this setting.
      • Email required: Select this checkbox if an email address is required as part of the user onboarding process. If selected, the source identity provider must supply the email address as part of the authentication process during onboarding.
        Note: An email address is not required by default for onboarding to the Cloud Manager or the API Manager, but it is required for onboarding to the Developer Portal.
      • Unique email address: Select this checkbox if email addresses must be unique within the user registry. For new Local User Registries, this setting is always selected; so if email addresses are contained in the user record, they must be unique. However, for existing Local User Registries this setting can be edited.
        Note: Every account in the Developer Portal, including across different user registries for the same site, must have a unique email address, including the site Admin account.
  4. Click Save.

Results

The user registry is saved and is available to be configured for user authentication in Cloud Manager or API Manager by selecting it in Settings > User Registries. See Selecting user registries for Cloud Manager and API Manager.
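
Example (added here, not part of the API Connect product or its documentation): a review script that checks a planned registry layout against the constraints in the Important and Note entries above. The dictionary layout, key names, consumer labels and sample accounts are constructed for illustration and are not API Connect's object schema. Comparing email addresses without regard to case is an assumption of this example, and it reports any registry shared with a Developer Portal site as a finding.

```python
from collections import defaultdict

# Constructed sample plan; key names are hypothetical, not API Connect's schema.
REGISTRIES = {
    "provider-lur": {"case_sensitive": False, "email_required": False},
    "shared-lur":   {"case_sensitive": True,  "email_required": False},
    "portal-b-lur": {"case_sensitive": False, "email_required": True},
}
# Consumer -> registries it authenticates against ("portal:" marks a Developer Portal site).
CONSUMERS = {
    "api-manager":   ["provider-lur", "shared-lur"],
    "portal:site-a": ["shared-lur"],
    "portal:site-b": ["portal-b-lur", "shared-lur"],
}
# Constructed accounts: (registry, username, email).
ACCOUNTS = [
    ("shared-lur", "alice", "alice@example.com"),
    ("portal-b-lur", "alice2", "Alice@example.com"),
    ("portal-b-lur", "bob", "bob@example.com"),
]

def audit(registries, consumers, accounts):
    """Return a list of (rule, subject, detail) findings for the planned layout."""
    findings = []
    used_by = defaultdict(list)
    for consumer, names in consumers.items():
        for name in names:
            used_by[name].append(consumer)
    for name, users in sorted(used_by.items()):
        portals = tuple(sorted(c for c in users if c.startswith("portal:")))
        if not portals:
            continue  # the rules below apply only to Developer Portal registries
        if len(users) > 1:  # shared with API Manager or with another portal site
            findings.append(("shared", name, tuple(sorted(users))))
        if registries[name]["case_sensitive"]:  # portal has no case-sensitive names
            findings.append(("case-sensitive", name, portals))
        if not registries[name]["email_required"]:  # portal onboarding needs email
            findings.append(("email-not-required", name, portals))
    # Emails must be unique per portal site, across all registries of that site.
    for site, names in sorted(consumers.items()):
        seen = defaultdict(list)
        for reg, user, email in accounts:
            if site.startswith("portal:") and reg in names:
                seen[email.lower()].append(f"{reg}/{user}")  # assumption: ignore case
        for email, owners in sorted(seen.items()):
            if len(owners) > 1:
                findings.append(("duplicate-email", site, tuple(owners)))
    return findings
```

Calling audit(REGISTRIES, CONSUMERS, ACCOUNTS) on the sample plan reports shared-lur three times (shared, case-sensitive, email not required) and one duplicate email on site-b.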