Optional: Configuring external share for containers

You can configure your Content Platform Engine and IBM Content Navigator container deployments to enable the sharing of content with users that are external to your organization. Configuration for this feature includes deploying an additional container to enable external sharing.

Before you begin

Before you configure your container environment and deploy the external share container, you must perform the following steps:
  • If you have not already done so, deploy and configure the Content Platform Engine container and the IBM Content Navigator V3.0.5 or later container. Verify that these container deployments are working together as intended.
  • If you want to use dynamic user provisioning, you must deploy the Content Platform Engine External Share container. You must also deploy IBM Content Navigator V3.0.7 or later, choosing the ICN-SSO container image for deployment.
    This feature requires all users to use an identity provider that supports OAuth 2.0 or OpenID Connect.
    • For Internal users, such as employees, this identity provider must contain the same set of users as the LDAP server that is used by Content Platform Engine in one of its directory configurations.
    • For External users, that is, users outside your company, you can configure one or more identity providers. These identity providers must be different from the one used for Internal users.

    Google Sign In and IBM Id are examples of OAuth 2.0/OpenID Connect identity providers that can be used for External users.

    Regardless of the number of identity providers you configure for External Users, you only need one Managed User Directory configured in Content Platform Engine.

  • If you plan to use the second LDAP directory model, prepare or designate an LDAP directory specifically for your external users. For details, see Configuring the external user LDAP realm.

About this task

Deploying the external share container and configuring your container environment for external share are part of a series of steps that make the external share capability available to users. The following roadmap provides a high-level view of these setup steps, and designates which steps are part of the container environment configuration:
  1. (Container environments) Create volumes and folders for the external share container.
  2. (Container environments) Prepare for and deploy your external share container.
  3. (Container environments)
  4. Choose how you want to configure external users, then configure authentication and user management:
    • (Container environments) Dynamic user provisioning with an Identity Provider (IDP): You designate an identity provider for external users, configure an Identity Provider to provide additional management of internal users, and configure additional parameters and files.
    • (All environments) External LDAP user directory: Configure or designate a customer-managed LDAP directory realm to manage your external users. Note that FileNet P8 Platform and IBM Content Navigator do not manage this LDAP realm. See Configuring the external user LDAP realm for additional information.
      (Container environments) Add the LDAP configuration details to the container deployment environment.
  5. (Container environments) Connect the external share container deployment to the IBM Content Navigator database.
  6. (Container environments) Configure cross origin resource sharing (CORS) to enable the REST service for external content sharing.
  7. (All environments) Configure external share settings on FileNet P8 Platform by using the Administration Console for Content Platform Engine. Settings in the administration console include configuring the additional LDAP directory realm for external users and properties that are specific to external content sharing. See Configuring Content Platform Engine for external sharing for additional information.
  8. (All environments) Configure IBM Content Navigator to enable external shares. See Configuring external Share for additional information.
    • Enable external shares by enabling the P8 repository, and setting appropriate permissions.
    • Set up the external sharing capability for users by adding the share menu actions, creating a custom desktop for external users, and optionally customizing the email template for sharing.
    • You will also need to make IBM Content Navigator available to the external users, outside of the firewall. This task is typically done by a network administrator.
  9. (All environments) Configure additional Content Platform Engine settings:
    • Configuring the sweep policy for share (optional)
    • Customizing the email template (optional)