Content Management and Capture

 View Only

Use Identity Providers with FileNet to onboard users who aren’t in your corporate LDAP directory

By LAUREN Mayes posted Wed August 19, 2020 03:51 PM


In FileNet Content Manager/Content Foundation 5.5.5, users who aren’t in your corporate LDAP directory can access documents, folders and other objects.  This is a significant advancement that opens up your FileNet system to partners, contractors, customers and other business units.  To enable this integration, use Identify Providers (IdPs) that support OpenID Connect or OAuth 2.0.  For example, IBM ID, Google, Ping Identity, Okta, amongst others.

How does the IdP integration work?

FileNet administrators configure ‘realms’ that include email suffixes so that users can login with an email address and be given access to documents, folders and other objects in the FileNet system.  For example, configure a realm for users in, and another for users in The administrator can directly add users into each respective realm, using email addresses, such as, or the user can be recorded automatically after they login and authenticate using the identify provider.  Multiple email suffixes can be added to a realm, and rules can be configured to allow or block, as show in Figure 2.  The administrator also configures Content Navigator to enable authentication from the desired IdPs.

Figure 1 - Configure Managed Directory Realms



Figure 2 - Administrator configuration screens


How is this different from external share?


External share provides a specialized user interface, called ‘My Shares’, for accessing shared documents and folders.  Users see a list of shared documents and folders, along with a message from the person who shared – as shown in figure 3 below.  Users receive an email notification and a share expiration can also be set.  The external users authenticate with the IDP when they login to ICN and have access to the documents and folder shared with them.


Using the IdP integration, you can make the complete set of features in Content Navigator and the Content Platform Engine available to users, such as Browse, Search and Teamspaces.   In addition, the IdP integration may work well for custom applications because it avoids the need to create a share, all you have to do is give permissions for the user to access the relevant object.


In summary, if you want a very simple set of capabilities and user experience, along with share expiration, then external share is a good option.  If you want to provide full access to features in Content Navigator or your custom application, then using the IdP integration may be your best choice.

Figure 3 - Viewing Shares


For more information, see:





Tue February 23, 2021 04:58 AM

Thanks for this Blog article.
Is it possible to manipulate workflow with this feature ?
I mean, is an external user able to crawl work queues, select a work item, modify it and save it ?

Florian Kiebel