Configuring a Local User Registry

A Local User Registry (LUR) can be configured to provide user authentication for both Cloud Manager and API Manager.

About this task

Local User Registries (LURs) are the default user registries included in API Connect. LURs are local databases included with API Connect. Two default LURs are installed and configured during installation of API Connect. They cannot be deleted. The default Admin user account is stored in the Provider LUR.

You can create and configure a new LUR. After you create it, you must set it as active in Settings > User Registries. See Selecting user registries for Cloud Manager and API Manager.

One of the following roles is required to configure user registries:

  • Administrator
  • Owner
  • Topology Administrator
  • Custom role with the Settings: Manage permissions


Follow these steps to configure a new LUR:

  1. In the Cloud Manager, click Resources.
  2. Click Create in the User Registries section.
    Important: Do not share user registries between the API Manager and the Developer Portal, or between Developer Portal sites when self-service onboarding is enabled or account deletions in any of the sites are expected. You should create separate user registries for them, even if the separate registries point to the same backend authentication provider (for example, an LDAP server). This separation enables the Developer Portal to maintain unique email addresses across the Catalog, without API Manager needing the same requirement. It also avoids problems with users deleting their accounts from the Developer Portal that then affects their API Manager access.
  3. Select Local User Registry as the type for the user registry and enter the following information:
    Field Description
    Title (required) Enter a descriptive name for use on the screen.
    Name (required) The name that is used in CLI commands. The name is auto-generated. For details of the CLI commands for managing user registries, see apic user-registries.
    Display Name (required) The name that is displayed for selection by the user when logging in to a user interface, or activating their API Manager account.

    For details of user interface log in, and account activation, see Accessing the Cloud Manager user interface, Accessing the API Manager user interface, and Activating your API Manager user account.

    Note: The Developer Portal uses the Title of the User Registries when rendering them at the login page, rather than the Display Name.
    Summary (optional) Enter a brief description.
    Case sensitive Select this setting if user names are case-sensitive.
    Note: The Developer Portal does not support case sensitive usernames.
    Note: After at least one user has been onboarded into the registry, you cannot change this setting.
    Email required Select this checkbox if an email address is required as part of the user onboarding process. If selected, the source identity provider must supply the email address as part of the authentication process during onboarding.
    Note: An email address is not required by default for onboarding to the Cloud Manager or the API Manager, but it is required for onboarding to the Developer Portal.
    Unique email address Select this checkbox if email addresses must be unique within the user registry. For new Local User Registries, this setting is always selected; so if email addresses are contained in the user record, they must be unique. However, for existing Local User Registries this setting can be edited.
    Note: Every account in the Developer Portal, including across different user registries for the same site, must have a unique email address, including the site Admin account.
  4. Click Save.


The user registry is saved and is available to be configured for user authentication in Cloud Manager or API Manager by selecting it in Settings > User Registries. See Selecting user registries for Cloud Manager and API Manager.