Configuring external collaboration
External collaboration allows internal and external users to work together in your HCL Connections deployment. You can either configure this feature to allow self-registration by external users who received an invitation, or you can manage registration with a custom setup tailored to your particular environment.
About this task
true
. To complete the configuration, you must register external users manually and
then add them to the Profiles database. External users must have a special LDAP attribute and
Profiles role to identify them as external. For an overview of external collaboration, see Managing external user access.To configure external collaboration, complete the following steps:
Procedure
- Determine where external users are registered in your directory. If necessary, add a new branch to your existing LDAP directory. For more information, see Use an LDAP branch to store external users.
-
Take one of the following approaches:
- Configure the self-registration feature to have external users added to your LDAP directory
as they register. For more information, see Configuring self-registration for external users.Note: Self-registration requires that users have anonymous access to be able to register and reset their guest password. If an access manager solution such as IBM Security Verify Access (formerly Security Access Manager) is in place, a junction for the following context route has to be created/whitelisted: /selfservice/
- Add external users to your LDAP directory. The managed registration process differs for each organization and cannot be described here. For more information, see your organization's registration guidelines.
- Configure the self-registration feature to have external users added to your LDAP directory
as they register. For more information, see Configuring self-registration for external users.
- If you did NOT configure self-registration in step 2, synchronize your LDAP with the Profiles database. For more information, see Registering external users with Profiles.
-
(Optional) Allow internal users to collaborate with external users by changing their Profiles
roles. For more information, see Setting user roles for external collaboration. To also allow internal users to invite external users to Connections through a menu option, see
Configuring self-registration for external users.
Internal users cannot, by default, create communities that can have external users as members. All external users must be populated to Connections Profiles via IBM Security Verify Access Directory Integrator first. After an external user is created, then internal users can invite the external user to collaborate on Communities, Files and Activities, as long as those communities/files/activities are external.
- If your approach is managed registration and your deployment does not use an authentication mechanism such as IBM Security Verify Access or SiteMinder, disable anonymous access to HCL Connections. For more information, see Forcing users to log in before they can access an application.
-
If you have enabled single sign-on for IBM Security Verify Access with SPNEGO, the
authentication on the Security Verify Access server must be set to forms-based authentication
when SPNEGO is not present and the external visitor users in the database must match the IBM
Security Verify Access imported users. For more information, see Enabling SPNEGO single sign-on for Security Verify Access.