Preparing for External Share

You can configure your Content Platform Engine and Business Automation Navigator container deployments to enable the sharing of content with users that are external to your organization. Configuration for this feature includes deploying an additional container to enable external sharing.

Before you begin

Before you configure your container environment and deploy the external share container, note the following requirements:
  • You must deploy the Content Platform Engine and Business Automation Navigator containers.
  • If you want to use dynamic user provisioning, you must deploy Content Platform Engine V5.5.4 or later and the V5.5.4 or later External Share container. You must also deploy Business Automation Navigator V3.0.7 or later, choosing the ICN-SSO container image for deployment.
    This feature requires all users to use an identity provider that supports OAuth 2.0 or OpenID Connect.
    • For Internal users, such as employees, this identity provider must contain the same set of users as the LDAP server that is used by Content Platform Engine in one of its directory configurations.
    • For External users (that is, users outside your company), you can configure one or more identity providers. These identity providers must be different from the one used for Internal users.

    Google Sign In and IBM Id are examples of OAuth 2.0/OpenID Connect identity providers that can be used for External users.

    Regardless of the number of identity providers you configure for External users, you need only one Managed User Directory configured in Content Platform Engine.

  • If you plan to use the second LDAP directory model, prepare or designate an LDAP directory specifically for your external users. For details, see Configuring the external user LDAP realm.

About this task

Deploying the external share container and configuring your container environment for external share are part of a series of steps that make the external share capability available to users. The following roadmap provides a high-level view of these setup steps, and designates which steps are part of the container environment configuration:
  1. (Container environments) Create volumes and folders for the external share container.
  2. Choose how you want to configure external users, then configure authentication and user management:
    (All environments) External LDAP user directory
    Configure or designate a customer-managed LDAP directory realm to manage your external users. Note that FileNet® P8 Platform and IBM Content Navigator do not manage this LDAP realm. See Configuring the external user LDAP realm for additional information.
    (Container environments) Add the LDAP configuration details to the container deployment environment.
    (Container environments) Dynamic user provisioning with an Identity Provider (IDP)
    You designate an identity provider for external users, configure an identity provider to provide additional management of internal users, and configure additional parameters and files. These steps are done after deployment.
  3. (Container environments) Prepare for and deploy your external share container.
  4. (Container environments) (Post deployment) Configure Ingress access for your applications.
  5. (Container environments) (Post deployment) Configure cross origin resource sharing (CORS) to enable the REST service for external content sharing.
  6. (All environments) (Post deployment) Configure external share settings on FileNet P8 Platform by using the Administration Console for Content Platform Engine. Settings in the administration console include configuring the additional LDAP directory realm for external users and properties that are specific to external content sharing. See Configuring Content Platform Engine for external sharing for additional information.
  7. (All environments) Configure IBM Content Navigator to enable external shares. See Configuring external Share for additional information.
    • Enable external shares by enabling the P8 repository, and setting appropriate permissions.
    • Set up the external sharing capability for users by adding the share menu actions, creating a custom desktop for external users, and optionally customizing the email template for sharing.
    • You will also need to make IBM Content Navigator available to the external users, outside of the firewall. This task is typically done by a network administrator.
  8. (All environments) (Post deployment) Configure additional Content Platform Engine settings:
    • Configuring the sweep policy for share (optional)
    • Customizing the email template (optional)