In FileNet Content Manager/Content Foundation 5.5.5, users who aren't in your corporate LDAP directory can access documents, folders and other objects. This is a significant advancement that opens up your FileNet system to partners, contractors, customers and other business units. To enable this integration, use Identity Providers (IdPs) that support OpenID Connect or OAuth 2.0, for example IBM ID, Google, Ping Identity or Okta, amongst others.
How does the IdP integration work?
FileNet administrators configure 'realms' that include email suffixes so that users can log in with an email address and be given access to documents, folders and other objects in the FileNet system. For example, configure a realm for users in companyA.com, and another for users in companyB.com. The administrator can directly add users into each respective realm using email addresses, such as BobSmith@companyA.com, or the user can be recorded automatically after they log in and authenticate using the identity provider. Multiple email suffixes can be added to a realm, and rules can be configured to allow or block, as shown in Figure 2. The administrator also configures Content Navigator to enable authentication from the desired IdPs.
Figure 1 - Configure Managed Directory Realms
Figure 2 - Administrator configuration screens
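To make the realm logic described above concrete, here is a small illustrative model of how an IdP-authenticated email address could be mapped to a managed realm. This is an added example, not FileNet's own code or configuration format; the realm structure, the precedence of block rules over allow rules, the label-boundary suffix match and the `email_verified` check are all assumptions of this model.

```python
"""Illustrative model of realm-based access for IdP-authenticated users.

Added example; not FileNet's implementation. Assumptions: a realm is a
set of email suffixes plus block rules on whole domains, block rules win
over suffix matches, and a realm may auto-record first-time users.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Realm:
    name: str
    suffixes: Set[str]                                  # e.g. {"companya.com"}
    blocked: Set[str] = field(default_factory=set)      # domains never admitted
    auto_record: bool = False                           # record user on first login
    members: Set[str] = field(default_factory=set)      # emails added by the admin


def _domain(email: str) -> Optional[str]:
    """Return the lower-cased domain part of an address, or None if malformed."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower()


def _matches_suffix(domain: str, suffix: str) -> bool:
    """Match on a label boundary so 'evilcompanya.com' never matches 'companya.com'."""
    suffix = suffix.lower().lstrip(".")
    return domain == suffix or domain.endswith("." + suffix)


def resolve_realm(email: str, email_verified: bool, realms: List[Realm]) -> Optional[str]:
    """Return the name of the realm that admits this email, or None.

    Constructed policy: only addresses the IdP marks as verified are
    considered; explicit members are admitted whether or not the realm
    auto-records; a block rule always wins over a suffix match.
    """
    if not email_verified:
        return None
    domain = _domain(email)
    if domain is None:
        return None
    normalized = email.strip().lower()
    for realm in realms:
        if any(_matches_suffix(domain, b) for b in realm.blocked):
            continue
        if not any(_matches_suffix(domain, s) for s in realm.suffixes):
            continue
        if normalized in {m.lower() for m in realm.members}:
            return realm.name
        if realm.auto_record:
            realm.members.add(normalized)   # recorded automatically after first login
            return realm.name
    return None
```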
How is this different from external share?
External share provides a specialized user interface, called 'My Shares', for accessing shared documents and folders. Users see a list of shared documents and folders, along with a message from the person who shared them, as shown in Figure 3 below. Users receive an email notification, and a share expiration can also be set. The external users authenticate with the IdP when they log in to ICN and have access to the documents and folders shared with them.
Using the IdP integration, you can make the complete set of features in Content Navigator and the Content Platform Engine available to users, such as Browse, Search and Teamspaces. The IdP integration may also work well for custom applications because it avoids the need to create a share: all you have to do is grant the user permissions on the relevant object.
In summary, if you want a very simple set of capabilities and user experience, along with share expiration, then external share is a good option. If you want to provide full access to features in Content Navigator or your custom application, then using the IdP integration may be your best choice.
Figure 3 - Viewing Shares
For more information, see: https://www.ibm.com/support/knowledgecenter/SSNW2F_5.5.0/com.ibm.p8.containers.doc/containers_configureidp.htm