Creating a Local User Registry

A Local User Registry (LUR) can be created to provide user authentication for API Manager.

About this task

Local User Registries (LURs) are the default user registries included in API Connect. LURs are local databases included with API Connect. Two default LURs are installed and configured during installation of API Connect. They cannot be deleted. The default Admin user account is stored in the Provider LUR.

You can use API Manager to create additional Local User Registries for use with your provider organization.

One of the following roles is required to configure user registries:

  • Administrator
  • Organization Owner
  • Custom role with the Settings: Manage permissions

Procedure

Follow these steps to configure a new LUR:

  1. In the API Manager, click Resources.
  2. Select User Registries to see the list of current user registries in your organization.
  3. Click Create in the User Registries section.
    Important: Do not share user registries between the API Manager and the Developer Portal, or between Developer Portal sites when self-service onboarding is enabled or account deletions in any of the sites are expected. You should create separate user registries for them, even if the separate registries point to the same backend authentication provider (for example, an LDAP server). This separation enables the Developer Portal to maintain unique email addresses across the catalog, without API Manager needing the same requirement. It also avoids problems with users deleting their accounts from the Developer Portal, which would then affect their API Manager access.
  4. Select Local User Registry as the type for the user registry and enter the following information:
    • Title (required): Enter a descriptive name for use on the screen.
    • Name (required): The name that is used in CLI commands. The name is auto-generated. For details of the CLI commands for managing user registries, see the toolkit CLI reference documentation.
    • Display Name (required): The name that is displayed for selection by the user when logging in to a user interface, or activating their API Manager account.
      For details of user interface log in, and account activation, see Accessing the Cloud Manager user interface, Accessing the API Manager user interface, and Activating your API Manager user account.
      Note: The Developer Portal uses the Title of the User Registries when rendering them at the login page, rather than the Display Name.
    • Summary (optional): Enter a brief description.
    • Case sensitive: Select this setting if user names are case-sensitive.
      Note: The Developer Portal does not support case sensitive usernames.
      Note: After at least one user has been onboarded into the registry, you cannot change this setting.
    • Email required: Select this checkbox if an email address is required as part of the user onboarding process. If selected, the source identity provider must supply the email address as part of the authentication process during onboarding.
      Note: An email address is not required by default for onboarding to the Cloud Manager or the API Manager, but it is required for onboarding to the Developer Portal.
    • Unique email address: Select this checkbox if email addresses must be unique within the user registry. For new Local User Registries, this setting is always selected; so if email addresses are contained in the user record, they must be unique. However, for existing Local User Registries this setting can be edited.
      Note: Every account in the Developer Portal, including across different user registries for the same site, must have a unique email address, including the site Admin account.
  5. Click Save.
  6. Add the user registry to the Sandbox Catalog. See Creating and configuring Catalogs.

Results

The user registry can be used for Basic Authentication in the Security Definition for an API. For more information, see Creating a basic authentication security definition.