Authenticating users for administration
Authentication is the process of establishing the identity of a user or system and verifying that the identity is valid. You can control access to the IBM® App Connect Enterprise administration interfaces by using the authentication capabilities that are provided with the product.
Before you begin
About this task
- IBM App Connect Enterprise web user interface.
- IBM App Connect Enterprise RESTful application programming interface (REST API).
- IBM App Connect Enterprise Toolkit.
- IBM App Connect Enterprise commands.
If administration security authentication (basicAuth) is enabled, users of the web user interface and the REST API must log in with a user ID and password. If LDAP authentication is enabled on the integration node or independent integration server, then all users are authenticated by the LDAP server. Any local passwords are ignored. If LDAP authentication is not configured, then the user ID and password are checked against the credentials that are held in the integration node or independent integration server. Users' access to data and resources is controlled by the permissions that are associated with their role. For more information, see Role-based security.
If administration security is not enabled, web users can interact with the IBM App Connect Enterprise web user interface without logging on. They interact with the web UI as the 'default' user and can access all data and resources. For users of the REST API, all REST requests are unrestricted if administration security is not enabled.
For the following administration interfaces, authentication is provided only by the system login; no additional authentication is carried out:
- IBM App Connect Enterprise Toolkit
- IBM Integration API
- IBM App Connect Enterprise commands (when they make a local connection, specifying only the integration node name)
For more information about authenticating users for administration, see Managing web user accounts and Accessing the web user interface.
For more information about authenticating web user accounts by using LDAP, see Enabling LDAP authentication.
For more information about authorizing users based on the role to which they are assigned, see Authorizing users for administration.
You can enable authentication for users of IBM App Connect Enterprise administration interfaces, either by using the mqsichangeauthmode command, or by setting security properties in the appropriate .yaml configuration file for your integration node or server.
Procedure
Enable authentication by completing the steps in one of the following tasks: