Understanding External Security Page Settings

Use the External page if you configure security in a directory that is not part of TIBCO WebFOCUS.

Enable External Security

When you select this check box, internal security settings are overridden and all authentication activities and approvals are directed to the external system you identify on this page. Fields and features in the section below this check box become available and respond to updates from Administrators.

External Security Type (IBI_Authentication_Type)

The list box for this field contains the following values:

  • Reporting Server. Definition is currently unavailable.
  • Legacy LDAP. Authenticates users against an AD or LDAP directory. Do not select this option unless advised to do so by the Customer Support Team.
  • Custom Java Plug-In. Definition is currently unavailable. Do not select this option unless advised to do so by the Customer Support Team.
Reporting Server Node

Specifies the name of the Server that manages communications with the external authentication provider application.

Server Administrator ID

Specifies the ID of the administrator of the external security server. To make the User Authorization section available, you must type the ID of a valid user that is already defined on the external security server in this field. Typically this is the user ID you assign to the server manager during the installation.

Password

Specifies the Password assigned to the administrator of the external security server. To validate the ID and password of the external Server administrator, click Connect. When you submit a valid ID and password, the User Authorization section becomes available.

User Authorization

The location where authorization is granted to users. The options and check boxes in this section become available only after you type a valid user ID in the Server Admin ID field and click Connect.

  • Internal. TIBCO WebFOCUS manages all user authorization tasks.
  • Internal and External. TIBCO WebFOCUS and the external application share the management of authorization tasks.
  • External Only. The external application manages authorization tasks.
  • Group Provider Override. When selected, this check box and the field associated with it identify the external provider that overrides group authorization.

    Note: This check box appears only after you click the options Internal and External, or External Only, the Group provider Override checkbooks and field appear.

Account Creation on Sign In

Specifies the range of user accounts that will be created upon their first sign-in attempt.

  • All. Specifies the creation of an account for all users upon their first sign-in attempt.
  • Mapped External Groups. Specifies the creation of an account only for those users in Mapped External Groups upon their first sign-in attempt.
  • Off. Disables the automatic creation of user accounts.
Synchronize User Information

Activates the automatic retrieval of user information for the Description and EMail Address fields when users sign in to TIBCO WebFOCUS, helping to ensure that the most current user information is always available.

If this check box is cleared, the default setting, the Description and EMail Address fields of a user are not updated when that user signs in.

If this check box is selected, the Description and EMail Address fields of a user are updated when that user signs in. The source of this information depends upon the selection of one of the following options:

  • With Authentication Provider. If this option is selected, updated Description and EMail Address field information is received from the authentication provider. This option is selected, by default.
  • With Authorization Provider. If this option is selected, updated Description and EMail Address field information is received from the authorization provider.

The values assigned to this setting apply equally to users who sign in to a security zone using Form Based authentication as well as Pre-authentication, as long as External Security is in use.