Authenticating and authorizing in Content Cortex
Content Platform Engine retrieves security data from directory servers or identity providers for authenticating security principals and authorizing users and groups. Both authentication and authorization rely on a directory service repository. Prepare the directory services to meet the needs of the Content Cortex domain and services before you deploy the FNCM containers.
About this task
A directory service repository can be either an LDAP or an IdP. The directory service repository is accessed by using standard LDAP APIs (for an LDAP) or SCIM APIs (for an IdP). The Content Platform Engine manages these APIs through the definition of directory service providers and SCIM Directory service providers in the Content Cortex domain. You have several options for where an LDAP or IdP is used in the system. At least one of the directory service repositories that are used with the Content Cortex domain must support groups as well as users.
| Use case | Description | CR reference topic |
|---|---|---|
| LDAP + LDAP (External Share optional) | The default configuration. Uses one or more directory service providers that are accessible to all the deployments. Optionally, an external LDAP is used for external share. | See the following parameters in LDAP parameters: |
| LDAP + IdP + IdP (External Share optional) | A directory service repository can be either an LDAP or an IdP. This configuration uses LDAP for some internal users, IdP for other internal users, and IdP for external share users. | See the following parameters in LDAP parameters: |
| IdP | An IdP, via a SCIM Directory Server, can be used as an alternative to an LDAP. If only one IdP is used with a Content Cortex domain, then the IdP must support groups. | See the following parameters in Identity provider configuration parameters: |