Content Management and Capture

Use Identity Providers with FileNet to onboard users who aren’t in your corporate LDAP directory

By LAUREN Mayes posted Wed August 19, 2020 03:51 PM

  

In FileNet Content Manager/Content Foundation 5.5.5, users who aren’t in your corporate LDAP directory can access documents, folders and other objects.  This is a significant advancement that opens up your FileNet system to partners, contractors, customers and other business units.  To enable this integration, use Identify Providers (IdPs) that support OpenID Connect or OAuth 2.0.  For example, IBM ID, Google, Ping Identity, Okta, amongst others.


How does the IdP integration work?

FileNet administrators configure ‘realms’ that include email suffixes so that users can login with an email address and be given access to documents, folders and other objects in the FileNet system.  For example, configure a realm for users in companyA.com, and another for users in companyB.com. The administrator can directly add users into each respective realm, using email addresses, such as BobSmith@companyA.com, or the user can be recorded automatically after they login and authenticate using the identify provider.  Multiple email suffixes can be added to a realm, and rules can be configured to allow or block, as show in Figure 2.  The administrator also configures Content Navigator to enable authentication from the desired IdPs.


Figure 1 - Configure Managed Directory Realms

 

 

Figure 2 - Administrator configuration screens

 

How is this different from external share?

 

External share provides a specialized user interface, called ‘My Shares’, for accessing shared documents and folders.  Users see a list of shared documents and folders, along with a message from the person who shared – as shown in figure 3 below.  Users receive an email notification and a share expiration can also be set.  The external users authenticate with the IDP when they login to ICN and have access to the documents and folder shared with them.

 

Using the IdP integration, you can make the complete set of features in Content Navigator and the Content Platform Engine available to users, such as Browse, Search and Teamspaces.   In addition, the IdP integration may work well for custom applications because it avoids the need to create a share, all you have to do is give permissions for the user to access the relevant object.

 

In summary, if you want a very simple set of capabilities and user experience, along with share expiration, then external share is a good option.  If you want to provide full access to features in Content Navigator or your custom application, then using the IdP integration may be your best choice.


Figure 3 - Viewing Shares

 

For more information, see: https://www.ibm.com/support/knowledgecenter/SSNW2F_5.5.0/com.ibm.p8.containers.doc/containers_configureidp.htm

 


#FileNet
#IBMContentNavigator(ICN)
#LDAP
#Featured-area-1-home
#Featured-area-1

Permalink

Comments

Tue February 23, 2021 04:58 AM

Thanks for this Blog article.
Is it possible to manipulate workflow with this feature ?
I mean, is an external user able to crawl work queues, select a work item, modify it and save it ?

Regards,
Florian Kiebel