Change the access levels of members or groups to require
them to provide credentials before they can access an IBM® Connections application.
Before you begin
Do not perform this task if you plan to use the IBM
Connections Multi-Service Portlet plug-in. This extension does not function as expected when IBM Connections is configured to force authentication.The
reader role of the Communities application is set to Everyone by default. If you perform this
procedure to change the reader role access level for any of the applications that have widgets that
are displayed within the Communities application, you must also make the same change to the
Communities reader role or the widget will no longer work in Communities.
About this task
To invite people to join the social networking community, many of the IBM Connections applications allow users to read public information, such as
public blogs or user profiles without requiring users to log in to the application first. In many
cases, it is not until you want to edit your own profile or blog that credentials are required. If
you do not want people or a subset of people to be able to freely browse through public information,
you can force them to log in to each application before they can view any content. If you force
authentication for an application, you should consider enabling it for all applications.
To force users to log in before they can access an application, complete the following steps.
Procedure
- Open the Integrated Solutions Console of the WebSphere® Application Server hosting the
application for which you want to restrict access.
- Expand , and then select WebSphere
enterprise applications.
- Select the application.
- Click Security role to user/group mapping.
- Select the check box in the Select column next to the reader role.
- Click .
- Repeat the previous steps for each application that you
want to force users to authenticate with before using.
Note:
- Activities, Home page, Rich Text Editor, and Search require users to authenticate by default;
the other applications do not. As a result, you do not need to perform this procedure on the
Activities, Home page, Rich Text Editor, or Search applications. However, if you do decide to change
the reader role in Search to be mapped to "All Authenticated in Application's Realm," then you must
map the reader role for all other applications to at least the same level of security as the Search
reader role. The reason for this is that the public Atom feeds in Search are secured by the reader
role which is mapped to "Everyone" in Search by default and all of the other applications use these
atom feeds. Their reader roles must have at least the same level of security as the Search reader
role.
- If you have configured single sign-on between the applications, requiring authentication for
each application does not prompt the same users for credentials as they move from one application to
another within a single session. It only prompts for credentials when users log in to the first
application. See Enabling single sign-on between all applications for more
information.
- Click OK. Click Apply,
and then click OK.