IBM i authentication methods

The IBM® i authentication mechanism used determines what repository group permissions a Jazz® Team Server user has.

The Jazz Team Server installed on IBM i has four repository groups:
  • JazzAdmins: Administrators of a Jazz repository with full read-write access
  • JazzProjectAdmins: Administrators of a Jazz repository with specific permissions to create and modify project areas, team areas, and process templates
  • JazzGuests: Users with read-only access to the Jazz repository
  • JazzUsers: Users with regular read-write access to the Jazz repository
A user must belong to at least one of these groups.

Depending on which authentication mechanism you use, the steps to add a user to a permission group are different. The administrator of the Jazz Team Server installed on IBM i should have information about which authentication mechanism is being used.

IBM i user profile authentication

  1. Run the command CRTUSRPRF to create a user profile for the user on the IBM i system in which the Jazz Team Server is being hosted, if a user profile does not already exist. When creating the user, you can either specify an IBM i group profile by specifying the group name using the Group profile (GRPPRF) parameter or if the user already belongs to a group or needs to belong to more than one group, specify the group names using the Supplemental groups (SUPGRPPRF) parameter. If you want to use an existing user profile, run CHGUSRPRF and specify the group name or names for the Group profile (GRPPRF) parameter. You can also use the Supplemental groups (SUPGRPPRF) parameter.
  2. Add the user to the Jazz Team Server using the steps described in the following paragraphs.
Add the user to the Jazz Team Server application:
  1. Login to the Jazz Team Server administrative web interface. You must belong to the JazzAdmins permission group.
  2. In the administrative web interface, click the Users menu.
  3. Select Create User.
  4. Complete the following fields:
    • In the User Name field, type a user name. The user name must be in uppercase.
    • In the User ID field, type a unique user identifier.
    • In the Email Address field, type an email address.
    Note: Unlike on other operating systems, you cannot view or assign repository permissions for a new IBM i user from the Jazz Team Server web interface. The repository permission groups for the user are determined by the steps you followed for IBM i user profile authentication. You cannot explicitly set them here.
  5. In the Client Access Licenses pane, select the appropriate license types. See Client access license management for the client access license types available.
  6. Click Save.
  7. Log out of the administrative web interface.
Note: If the Jazz Team Server application is set up to use IBM i user profile authentication, users must use uppercase user names when connecting to the web interface. For example, for a user profile JOHN, the user name used to connect to the web interface must be JOHN (all uppercase). Authentication is case sensitive.

LDAP authentication

For more information, see Importing users from an external user registry and Synchronizing LDAP with Jazz Team Server repository user information.

Adding the user to a project area or team area

After adding the user to the authentication realm and to the CCM repository group, you can now add the user to a project area or team area (or both) within the repository and assign the user specific roles defined in the process specification. See Adding existing users.