Selecting the Portal Delegated User Registry
If the Portal Delegated User Registry is selected for the associated Catalog, or you are using an IBMid user registry, you cannot enable two-factor authentication for the Developer Portal.
When using the Portal Delegated User Registry, you can specify whether new accounts require administrator approval.
Select Portal Delegated User Registry in the¬†API Manager¬†UI, to improve the flexibility of user registry and account management in the¬†Developer Portal.
When Portal Delegated User Registry is selected for a Catalog, the user management is delegated from the management server to the¬†Developer Portal, and new user accounts can be created in the local¬†Developer Portal¬†database, also known as the local user registry. However, selecting Portal Delegated User Registry also means that the following additional user registration methods can be configured in the¬†Developer Portal:
- Third-party authentication provider credentials
- LDAP user registry
- OpenID Connect
If the Portal Delegated User Registry is selected for a Catalog, the¬†Developer Portal¬†REST APIs cannot be used to gain access to the content in that Catalog. This restriction is because the user management is delegated to the¬†Developer Portal, and consequently the management server can no longer provide user authentication. You also cannot enable two-factor authentication for the¬†Developer Portal.
Select the Portal Delegated User Registry in the¬†API Manager¬†UI, by completing the following steps:
1.¬†¬†¬† Click¬†Dashboard¬†in the¬†Navigation¬†pane, then click the Catalog for which you want to enable the use of external authentication provider credentials.
3.¬†¬†¬† Select the¬†IBM Developer Portal
4.¬†¬†¬† Enter the URL of your¬†Developer Portal¬†site.
5.¬†¬†¬† In the¬†User Registration and Invitation¬†section, select¬†Portal Delegated User Registry¬†from the¬†User Registry¬†drop-down list.
6.¬†¬†¬† Click Save.
After a few minutes, you receive an email with a link to your¬†Developer Portal¬†site for that Catalog. The link is a single use only link for the administrator account. When the link is active and you have accessed it, you can change the password of this administrator account.
User management is now delegated to your¬†Developer Portal, and user registration will take place in the local¬†Developer Portal¬†database (local user registry).¬†
For more information, see:
Setting the new account request approval
Change the account settings to enable approval for all new accounts including external authentication providers:
1.¬†¬†¬† On the administrator dashboard, click¬†Configuration¬†>¬†People¬†>¬†Account settings.
2.¬†¬†¬† In the¬†Registration and cancellation¬†section, select Visitors, but administrator approval is required
3.¬†¬†¬† To enable the¬†Require e-mail verification when a visitor creates an account¬†function, select the adjacent check box:
4.¬† In E-mails section select Welcome (awaiting approval)
5.¬† Click¬†Save configuration.
Now the approval configuration is complete.
1.¬† An ExternalUser has requested an account for Sbanken Developer Portal.
Click Create new account
2.¬† ExternalUser received an email pending admin approval
3.¬† Portal admin received a notification email pending admin approval:
ExternalUser has applied for an account.
4.¬† Admin activates the new account:
– In People menu select ExternalUser
– In Status section select Active
– In password settings check Force password change on next login
– Click Save
5.¬†¬† ExternalUser received an email approved
6.¬†¬† ExternalUser logins on the Portal following the provided link, and is requested to change the password on the first login.
End of the story.