Authentication is the process of establishing the identity of a user or system and verifying that the identity is valid. You can control access to the IBM® App Connect Enterprise administration interfaces by using the authentication capabilities that are provided with the product.
If administration security authentication (basicAuth) is enabled, users of the web user interface and the RESTful API must log in with a user ID and password. If the user account is defined with a local password, the user ID and password are checked against the stored credentials. Users' access to data and resources is controlled by the permissions that are associated with their role. For more information, see Role-based security.
If administration security is not enabled, web users can interact with the IBM App Connect Enterprise web user interface without logging on; they interact with the web UI as the 'default' user and can access all data and resources. For users of the RESTful API, all REST requests are unrestricted if administration security is not enabled.
For the following administration interfaces, authentication is provided only by the system login; no additional authentication is carried out:
For more information about authenticating users for administration, see Managing web user accounts and Accessing the web user interface.
For information about authorizing users based on the role to which they are assigned, see Authorizing users for administration.
You can enable authentication for users of IBM App Connect Enterprise administration interfaces, either by using the mqsichangeauthmode command, or by setting security properties in the appropriate .yaml configuration file for your integration node or server.
Enable authentication by completing the steps in one of the following tasks: