Change the access levels of members or groups to require
them to provide credentials before they can access an IBM® Connections application.
Before you begin
Do not perform this task if you plan to use the IBM Connections Multi-Service Portlet plug-in.
This extension does not function as expected when IBM Connections is configured to force authentication.The
reader role of the Communities application is set to Everyone by default.
If you perform this procedure to change the reader role access level
for any of the applications that have widgets that are displayed within
the Communities application, you must also make the same change to
the Communities reader role or the widget will no longer work in Communities.
About this task
In an effort to invite people to join the social networking
community, many of the IBM Connections
applications allow users to read public information, such as public
blogs or user profiles without requiring users to log in to the application
first. In many cases, it is not until you want to edit your own profile
or blog that credentials are required. If you do not want people or
a subset of people to be able to freely browse through public information,
you can force them to log in to each application before they can view
any content. If you force authentication for an application, you should
consider enabling it for all applications.
To force users to log
in before they can access an application, complete the following steps:Procedure
- Open the Integrated Solutions Console of the WebSphere® Application Server hosting the
application for which you want to restrict access.
- Expand , and then select WebSphere
enterprise applications.
- Select the application.
- Click Security role to user/group mapping.
- Select the check box in the Select column next to the reader role.
- Click .
- Repeat the previous steps for each application that you
want to force users to authenticate with before using.
Note: - Activities, Home page, and Search require users to authenticate
by default; the other applications do not. As a result, you do not
need to perform this procedure on the Activities, Home page, or Search
applications. However, if you do decide to change the reader role
in Search to be mapped to "All Authenticated in Application's Realm,"
then you must map the reader role for all other applications to at
least the same level of security as the Search reader role. The reason
for this is that the public Atom feeds in Search are secured by the
reader role which is mapped to "Everyone" in Search by default and
all of the other applications use these atom feeds. Their reader roles
must have at least the same level of security as the Search reader
role.
- As long as you have configured single sign-on between the applications,
requiring authentication for each application does not prompt the
same users for credentials as they move from one application to another
within a single session. It only prompts for credentials when users
log in to the first application. See Enabling single sign-on
between all applications for more information.
- Click OK. Click Apply,
and then click OK.