
Force users to log in before they can access an application

Change the access levels of members or groups to require them to provide credentials before they can access a Connections application.

Do not perform this task if you plan to use the Connections Multi-Service Portlet plug-in. This extension does not function as expected when Connections is configured to force authentication.

The reader role of the Communities application is set to Everyone by default. If you perform this procedure to change the reader role access level for any application that has widgets displayed within the Communities application, make the same change to the Communities reader role; otherwise the widget will no longer work in Communities.

To invite people to join the social networking community, many of the Connections applications allow users to read public information, such as public blogs or user profiles, without logging in to the application first. In many cases, credentials are not required until users try to edit their own profile or blog. If you do not want people, or a subset of people, to be able to freely browse public information, you can force them to log in to each application before they can view any content. If you force authentication for one application, consider enabling it for all applications.

To force users to log in before they can access an application:

  1. Open the WAS console that hosts the application for which you want to restrict access, and expand...

      Applications | Application Types | WebSphere enterprise applications | application | Security role to user/group mapping

  2. Select the check box in the Select column next to the reader role.

  3. Click...

      Map Special Subjects | All Authenticated in Application's Realm

  4. Repeat the previous steps for each application that you want to force users to authenticate with before using it.

    • Activities, Home page, and Search require users to authenticate by default; the other applications do not. As a result, you do not need to perform this procedure on the Activities, Home page, or Search applications. However, if you do decide to change the reader role in Search to be mapped to "All Authenticated in Application's Realm," you must map the reader role for all other applications to at least the same level of security as the Search reader role. The reason is that the public Atom feeds in Search are secured by the reader role, which is mapped to "Everyone" in Search by default, and all of the other applications use these Atom feeds. Their reader roles must therefore have at least the same level of security as the Search reader role.

    • As long as you have configured single sign-on between the applications, requiring authentication for each application does not prompt the same users for credentials as they move from one application to another within a single session. It only prompts for credentials when users log in to the first application. See Enable single sign-on between all applications for more information.

  5. Click OK. Click Apply, and then click OK.
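
The role dependencies described in this topic (the Communities widget rule and the Search Atom feed rule) can be checked against an inventory of reader-role mappings before or after the change. The following Python code is an added example, not part of the product or its documentation; the function name, the sample inventory, and the list of applications with widgets in Communities are assumptions.

```python
# Added example: audit reader-role mappings against the rules in this topic.
EVERYONE = "Everyone"
AUTHENTICATED = "All Authenticated in Application's Realm"
LEVELS = {EVERYONE: 0, AUTHENTICATED: 1}  # ordered least to most restrictive

def audit_reader_roles(reader_roles, community_widget_apps):
    """Return a list of findings for a reader-role inventory.

    reader_roles: dict of application name -> special subject on its reader role.
    community_widget_apps: applications whose widgets are displayed in
    Communities (an assumption supplied by the caller).
    """
    unknown = sorted(s for s in set(reader_roles.values()) if s not in LEVELS)
    if unknown:
        raise ValueError("unrecognised special subject(s): %s" % ", ".join(unknown))
    level = {app: LEVELS[subject] for app, subject in reader_roles.items()}
    findings = []

    # Communities must receive the same change as any application whose
    # widgets it displays, or those widgets stop working.
    communities = level.get("Communities", 0)
    for app in sorted(community_widget_apps):
        if level.get(app, 0) > communities:
            findings.append("Communities: reader role is weaker than %s, "
                            "so the %s widget will not work" % (app, app))

    # Search's public Atom feeds are secured by its reader role, so every
    # other application must be at least as restrictive as Search.
    search = level.get("Search", 0)
    for app in sorted(level):
        if app != "Search" and level[app] < search:
            findings.append("%s: reader role is weaker than the Search "
                            "reader role" % app)

    # Advisory from this topic: forcing authentication on only some
    # applications is discouraged.
    if len(set(level.values())) > 1:
        findings.append("advisory: authentication is forced for only some "
                        "applications")
    return findings

# Constructed sample inventory, not taken from a real deployment.
SAMPLE = {"Search": AUTHENTICATED, "Communities": EVERYONE,
          "Blogs": AUTHENTICATED, "Profiles": EVERYONE}

if __name__ == "__main__":
    for finding in audit_reader_roles(SAMPLE, ["Blogs"]):
        print(finding)
```

An empty result means the inventory satisfies both dependency rules and applies one access level to every listed application.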

