User registry options

HCL Digital Experience provides various security configuration tasks. In the past, there was one task and you might not recover from errors. Also, you might not expand your user registry to meet your growing business needs. Now there are multiple tasks and you can fine-tune your system to meet your business needs.

You have the following general security options to choose from:
Table 1. Security options with explanation
Security option Explanation
Federated security With this option, you can create Virtual Portals with multiple realms. You can also use multiple repositories (LDAP, database, custom), and you can add Application Groups to your system. This option is good if you must merge multiple LDAP servers into one cohesive structure.
Attention: If you plan to enable the transient user feature, you must choose the federated user registry configuration.
Important: You must take special care that there are no duplicate names between the various repositories. For example, if you installed the product with a Portal Administrator of admin1, then admin1 must not exist in the corporate LDAP server.
Custom security This option provides you with the ability to write a fully controlled WebSphere Security environment. There is a custom user registry and a custom member adapter for Virtual Member Manager (VMM). The abilities of this option depend on your implementation.

Federated security

HCL is configured with a default federated repository with a built-in file repository. The federated repository offers you the richest number of options to meet your business needs. You can easily expand your business as your needs grow. For example, your company acquires a new business that has an existing LDAP user registry. You can add that LDAP server to your federated repository. Choose one of the following tasks to enable a production repository:
Table 2. Tasks to enable a production repository
Task Description
Add a federated LDAP repository to the VMM configuration Select this option to add an LDAP server to the federated repository. This task does not change the current security assignment. Therefore, the administrative user that is defined during installation is still active.
Add a federated database repository to the VMM configuration Select this option to add a database to the federated repository. This task does not change the current security assignment. Therefore, the administrative user that is defined during installation is still active.
Add a federated custom user registry Select this option to add a custom user registry that your company created to the federated repository. This task does not change the current security assignment. Therefore, the administrative user that is defined during installation is still active.
After you add your initial user registry, you can add more user registries to the repository to create a multiple user registry configuration. After you configure your repository, you must remove the default file-based repository. You do not have to remove the file-based repository in a development environment or if you are using HCL Connections. The following tasks are required to remove the default file-based repository:
Table 3. Tasks required to remove the default file-based repository
Task Description
Change the user registry where users and groups are stored This task changes the default repository where new users and groups are stored.
Change WebSphere Application Server administrator This task changes the WebSphere® Application Server administrator user ID and password.
Change HCL Portal Server administrator This task changes the HCL administrator user ID and password.
Delete a federated repository from the VMM configuration This task deleted the default file-based repository from your configuration.
After you use your federated repository, you might need to manage your user registry. You can run any of the following optional tasks to fine-tune your federated repository:
Table 4. Optional tasks to manage the federated repository
Task Description
Updating the federated LDAP user registry Choose this option to update certain parameters such as your bind ID and password to fix issues with your LDAP user registry.
Updating the federated database user registry Choose this option to update certain parameters such as the data source name, database URL, and database type to fix issues with your database user registry.
Create a realm Choose this option to create a realm, which is a group of users from one or more user registries that form a coherent group within HCL. Realms allow flexible user management with various configuration options. A realm must be mapped to a Virtual Portal to allow the defined users to log in to the Virtual Portal. In a federated repository, you can create multiple realms.