(V5.5.4 and later) Configuring users with an identity provider

You can manage your external share users by configuring an external identity provider (IDP). You also create a corresponding directory service provider to manage the users in the Administration Console for Content Platform Engine.

Before you begin

Before you can manage external users or share content with them, you must set up the external identity provider service that you want to use. For information about what identity providers are supported, see the Software Product Compatibility Report.

For container deployments, you perform additional tasks to configure authentication for the externally managed users. For details, see Configuring users with an Identity Provider.

For traditional on-premises deployments, you configure your Content Platform Engine and IBM Content Navigator application server to accommodate your OAuth/OIDC identity provider. For details, see Configuring dynamic user provisioning for a traditional WebSphere Application Server environment.

About this task

You manage external users in the Administration Console for Content Platform Engine by creating a Managed Users directory provider. You need to create only one Managed Users directory provider, even if you use multiple external identity providers.
Important: Creating a managed user directory means that the users are stored in the Global Configuration Database. Consider adjusting the backup schedule to back up the database more frequently so that updates to the list of managed users are captured.

Procedure

To create the managed user directory:

  1. In the Administration Console for Content Platform Engine, open the P8Domain.
  2. In the contents pane, click the Directory Configuration tab, and click New.
  3. In the Directory Service Provider wizard, click the drop-down choices for Type, and choose Managed.
  4. Enter a display name for the provider, and click Next.
  5. Provide values for the general properties of the provider.
    For the principal category, specify External to help distinguish external users from internal users.

    You can also specify an interval in days after which unconfirmed users are deleted. Unconfirmed users are users who were invited to share content but never logged in to confirm their identity and access the content. When an unconfirmed user is deleted, the associated sweep also removes any share permissions that were granted to that user.

  6. Click Next to confirm the values that you entered for the provider, then click Finish.
    When the creation of the provider completes, click Close.
  7. Add users to the new directory service provider:
    1. In the navigation pane, expand Global Configuration > Administration > Managed User Realms, and click the provider that you created.
    2. In the content pane, click Add User.
    3. In the New Managed User dialog, enter the email address and specify a display name for the new user.
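The unconfirmed-user interval from step 5 is worth understanding precisely, because an invitation that is never confirmed still carries share grants until the sweep removes it. The following Python model is an added illustration of that sweep's semantics; it is not Content Platform Engine code or its API. The record types, field names, the `sweep()` function and the sample users and permissions are all constructed here for the example.

```python
"""Model of the unconfirmed-user cleanup sweep for a Managed Users provider.

Constructed example: the dataclasses, field names and sweep() are hypothetical
and only mirror the behaviour described in the documentation (unconfirmed users
older than the configured interval are deleted, and their share grants with them).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class ManagedUser:
    email: str
    display_name: str
    invited_at: datetime
    confirmed: bool  # True once the user has logged in through the identity provider


@dataclass(frozen=True)
class SharePermission:
    document_id: str
    grantee_email: str


def sweep(users, permissions, now, unconfirmed_days):
    """Apply the retention rule.

    Returns (remaining_users, remaining_permissions, deleted_emails).
    unconfirmed_days=None models an unset interval: nothing expires.
    """
    if unconfirmed_days is None:
        return list(users), list(permissions), []
    cutoff = now - timedelta(days=unconfirmed_days)
    # A user invited exactly at the cutoff has waited the full interval, so it expires too.
    deleted = {u.email for u in users if not u.confirmed and u.invited_at <= cutoff}
    remaining_users = [u for u in users if u.email not in deleted]
    # The sweep also drops every share grant whose grantee was just deleted.
    remaining_perms = [p for p in permissions if p.grantee_email not in deleted]
    return remaining_users, remaining_perms, sorted(deleted)


def unconfirmed_grants(users, permissions):
    """Defender's check: share grants currently held by users who never confirmed."""
    pending = {u.email for u in users if not u.confirmed}
    return [p for p in permissions if p.grantee_email in pending]


# Constructed sample data (not real users or documents).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
USERS = [
    ManagedUser("alice@example.com", "Alice", datetime(2024, 4, 1, tzinfo=timezone.utc), False),
    ManagedUser("bob@example.com", "Bob", datetime(2024, 5, 25, tzinfo=timezone.utc), False),
    ManagedUser("carol@example.com", "Carol", datetime(2024, 3, 1, tzinfo=timezone.utc), True),
]
PERMISSIONS = [
    SharePermission("doc-1", "alice@example.com"),
    SharePermission("doc-2", "carol@example.com"),
    SharePermission("doc-3", "alice@example.com"),
]


def run_demo(unconfirmed_days=30):
    """Run the sweep on the sample data and return a summary dict."""
    remaining_users, remaining_perms, deleted = sweep(USERS, PERMISSIONS, NOW, unconfirmed_days)
    return {
        "deleted": deleted,
        "remaining_users": [u.email for u in remaining_users],
        "remaining_docs": [p.document_id for p in remaining_perms],
        "still_pending_grants": [p.document_id for p in unconfirmed_grants(remaining_users, remaining_perms)],
    }


if __name__ == "__main__":
    print(run_demo())
```

With a 30-day interval and the sample clock at 2024-06-01, Alice (invited 2024-04-01, never confirmed) is deleted together with her grants on doc-1 and doc-3; Bob, invited a week earlier, survives this run but still shows up in `unconfirmed_grants()`, which is the list an administrator would review between sweeps. Carol is confirmed, so her age is irrelevant.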