Authentication Configuration

When installation of IBM® Db2® Data Management Console is completed, only one account exists and can log in to the console. This account is the setup administrator account for which the user ID and password is specified during the installation process.

After logging into the console as a setup administrator, click Administration and go to Settings > Authentication to configure the console to delegate authentication to an external LDAP server or to the repository database.

Only a single authentication type can be enabled at a time in IBM Db2 Data Management Console. Once any of these authentication types is set, the setup administrator account will be disabled automatically. It is strongly recommended to configure one of these authentication types and not to use the setup administrator account as the only account in the console.

Authentication settings of IBM Db2 Data Management Console can be re-configured at any time. Switching authentication type from one to another is also available. However, when changing authentication configuration data, existing data of former user accounts in the repository database will not be removed. New user accounts defined by new configuration would inherit these data only if an account has the same user ID with a former user account. The console will only recognize a user account by its user ID. For a user account to be considered as a new account after re-configuring, you must clean the data ( for example, connection privileges) that is related with the specific user ID before performing re-configuration.

Two different types of roles can be assigned to a console user account. One is administrator role and the other is user role. Only user accounts with administrator role are allowed to perform authentication configuration.