Manage external user access
External users are people from outside the organization's network.
If internal and external users both access Connections using the same caching proxy server, to avoid serving cache content to the public, disable the public cache by editing...
LotusConnections-config.xml
...and setting...
<genericProperty name="publicCacheEnabled">false</genericProperty>
If Connections Content Manager (CCM) is used, and external user access is enabled, the URL to FileNet Collaboration Services, /dm/*, can be blocked from external users by either...
- Setting rules in a security proxy such as Tivoli Access Manager
- Giving users access only to a separate HTTP server that lacks a mapping for the Library or FileNet Collaboration Services, /dm/*.
Test the block by logging on to the external network and browsing to the FileNet Collaboration Services URL...
http://myco.com/dm/
This network can be a VPN for the visitors or just the public internet. If the server returns a valid response when accessed from a network used by the visitors, you did not correctly block visitors from accessing CCM.
If the URL to FileNet Collaboration Services, /dm, is unblocked, external users might be able to directly access Libraries content in public Communities. When external users are configured for Connections, and CCM is enabled, we cannot add CCM Libraries or Linked Libraries to communities to which external users have access. These widgets are not available in these communities.
Before enabling external users, consider whether the Connections users use the IBM Connections Desktop Plug-ins for Windows. Support for external visitors is limited in the desktop plug-ins. There are no indicators or warnings to inform users that content they access from Connections, and add from their desktop might be visible to external users and there is no ability to control external sharing when creating content. In addition, some operations might result in unexpected errors.
To enable external user access disable anonymous access for all Connections users.
If external users are not forced to authenticate through a mechanism such as Tivoli Access Manager (TAM), then disable anonymous access for all Connections users. Carry out the steps in Force users to log in before they can access an application. If anonymous access is enabled and external users are permitted to access the Connections implementation, then external users could anonymously access all public data in Connections. This access includes profiles and public files and communities that were not intended to be shared externally.
Parent topic:
Administer common areas
Related: