Logging in to a Developer Portal server

You log in to a management server from the command line by using the apic login command. The parameters that you supply determine the identity provider that is used to authenticate the supplied user ID, and the scope of the tasks that can be performed after successful log in.

To log in to the Developer Portal server from the command line, enter the following command:

apic login --server mgmt_endpoint_url --username user_id --password password --realm realm

The parameters for the apic login command are as follows:

mgmt_endpoint_url

Either the platform API endpoint URL, or the consumer API endpoint URL. Use the platform API endpoint URL if you are logging in as a member of a cloud administration organization or provider organization, and the consumer API endpoint URL if you are logging in as a member of a consumer organization. These endpoint URLs are configured during the installation of API Connect, as described in Installing the Management subsystem into a Kubernetes environment and Deploying the Management subsystem in a VMware environment. If you have access to the Cloud Manager user interface, you can view the configured endpoint URLs as described in Viewing platform and UI endpoints, ignoring any segments at the end of the displayed URLs. If you are not sure of the endpoint URL, ask your administrator.

user_id

The user ID you want to log in with.

password

The password associated with the supplied user ID.

realm

The realm parameter specifies the identity provider that is used to authenticated the supplied user ID, and the scope of the tasks that can be performed after successful log in.

The format of the realm depends on the type of user, as follows:

Member of the cloud administration organization:
```
admin/identity_provider
```
Member of a provider organization:
```
provider/identity_provider
```
Member of a consumer organization:
```
consumer:provider_org:catalog/identity_provider
```
where provider_org is the name of your provider organization, and catalog is the name of the Catalog in that provider organization.
Important: If you log in to the CLI as a member of a consumer organization, you must supply the --mode=consumer parameter to the apic login command, and to all consumer commands. To avoid having to type the parameter every time, you can set the mode configuration variable, by entering the following command:
```
apic config:set mode=consumer
```

If you want to log in as a member of the cloud administration organization, or as a member of a provider organization, you can help determine which identity provider to use in the --realm parameter by entering the following command to see a list of all available identity providers (you do not need to be logged in to use this command):

apic identity-providers:list --scope scope --server mgmt_endpoint_url --fields title,realm

where scope has the value admin or provider depending on whether you want to log in as a member of the cloud administration organization, or as a member of a provider organization. The output lists the names and titles of all identity providers, for example:

apic identity-providers:list --scope admin --server myserver.com --fields title,realm
total_results: 2
results:
  - title: Cloud Manager User Registry
    realm: admin/default-idp-1
  - title: Corporate LDAP user registry
    realm: admin/corporate-ldap

The title value should enable you to determine which identity provider to use; you can then copy the corresponding --realm parameter directly from the displayed realm value. For any identity providers that were created by your administrator after API Connect was installed, the names will have been determined at creation time. The default Cloud Manager Local User Registry for login as a member of the cloud administration organization is default-idp-1, and the default API Manager Local User Registry for login as a member of a provider organization is default-idp-2.

By default, API Connect creates a local user registry for user login for every context. The identity providers associated with these default registries are as follows:

Registry	Identity provider name
Cloud Manager Local User Registry (for login as a member of the cloud administration organization)	default-idp-1
API Manager Local User Registry (for login as a member of a provider organization)	default-idp-2
Sandbox Catalog User Registry (for login as a member of a consumer organization)	sandbox-idp

If you want to log in as a member of a consumer organization, and you are not using the default Sandbox Catalog User Registry, ask your administrator for the name of your identity provider.

Obtaining your organization information

You need to know some information about your organization as this needed as input for some of the Developer Portal CLI commands.

apic orgs:get -s mgmt_endpoint_url <org_name>

Logging out

To log out of a management server, use the following command:

apic logout --server mgmt_endpoint_url