Configuring an external portal for external users

Before you begin

• You must have the MyIT Admin permissions.
• As a BMC Helix Digital Workplace administrator, you must prepare an external portal for configuration. For more information, see Preparing-an-external-portal-for-external-administrators.

To enable external users to receive registration emails

1. In the Admin console, go to Configuration > Email & Notifications.
2. In the Backend URL field, provide a link that points to your host.

3. In the Sender field, provide a name for the email account from which external users receive emails from the external portal.

   SaaS customers must set the Sender email address with @ onbmc.com.The following image shows an example of the email configuration:

   

4. Click Save.
   For more information about configuring email notifications, see Configuring-the-email-server.

To connect an enhanced catalog to an external portal

1. In the Admin console, navigate to Configuration > Enhanced Catalog.
2. Enter the enhanced catalog URL.
   Accepted format: https://[hostname] : [port] / [path]
   For example: https://domainname:8008/api/myit-sb
3. Enter the System User.
4. Enter the System User Password.
5. Click Save to apply the changes.
   

For more information about enabling an enhanced catalog, see Enabling-and-configuring-the-enhanced-catalog.

To add a configuration for an external company

1. In the Admin console, go to Configuration > External Users.
2. Open the Settings tab.
3. From the Site list, select the region of the registered external users.
4. In the URL field, enter the BMC Helix Digital Workplace external URL that self-registered users will use to access the external portal.
   Make sure that the external portal URL is not the same as the URL for your internal end users. 
   
   For example, https://apexglobalext.com/dwp
   
   The following image is an example of the settings tab:
   
   
   
5. Click Save.

6. Set the DNS name for the URL added in the previous step. 

   The hostname dedicated to be used as an external portal URL must be registered with DNS. This hostname must be associated with IP address of the corresponding BMC Helix Digital Workplace server. 

   Setting the DNS name is a task for network administrator to assign (one more) domain name for IP address of the BMC Helix Digital Workplace server or to assign (one more) domain name for IP address of the load balancer serving for cluster of BMC Helix Digital Workplace servers.

   Important

   The same domain name cannot serve both internal and external user access.

To configure reCAPTCHA for registration

By default, the reCAPTCHA option is disabled.

1. On the Google reCAPTCHA site, generate the keys for the reCAPTCHA v3 type. To do this, complete the Google registration form and click Submit.
   The following image shows an example of the generated keys:

   

2. In the Admin console, go to Configuration > External Users.
3. On the Settings tab, turn on the reCAPTCHA (v3) toggle.
   
   
4. In the reCAPTCHA Site Key field, enter the site key generated in step 1.
5. In the reCAPTCHA Secret Key field, enter the secret key generated in step 1.
6. Click Save.
   The reCAPTCHA is configured and runs adaptive risk analysis in the background to detect suspicious user interactions. It does not require a user to perform any actions. However, if a suspicious interaction is detected, a user sees an error message and cannot register in an external portal.

To configure the password settings

Until you configure the password setting, the following default settings are applied in an external portal:

• The password reset link expires in 1 hour.
• External users are not forced to reset their passwords.
• The password uniqueness value is 1, which means a password cannot match the previous user's password.

To configure the password settings, perform the following actions:

1. In the Admin console, go to Configuration > External Users.
2. Open the Settings tab.
3. To configure the expiration period of the password reset link, in the Password reset link expiration field, enter the required number of hours.
   The minimum allowed value is 1 hour. The maximum allowed value is 168 hours. 

4. To configure password uniqueness, from the Password cannot match previous passwords list, select the required value.
   You can select values from 1 to 5.

   Important

   In a multinode setup (for example, a BMC Helix Digital Workplace external administrator is connected to one node, and an external user is connected to another node), the value change implementation takes up to 5 min. 

5. To force external users password reset, perform the following steps:
   
   1. Turn on the Force external user password reset toggle.
      
      
   2. In the After field, enter the required quantity of days.
      The minimum allowed value is 15 days. The maximum allowed value is 365 days.
   3. From the  Password reset user notifications should be delivered list, select one of the following options:
      • Two weeks before expiration with daily reminders delivered during the final week.
      • Two weeks before expiration. One week before expiration. One day before expiration.
6. Click Save. 

To configure the domain rules

By default, there are no domain restrictions for registration.

1. In the Admin console, go to Configuration > External Users.
2. Open the Settings tab.
3. To restrict registration for certain domains, perform the following steps:
   1. From the Domain Rules list, select Blacklist.
   2. In the text field, enter a comma-separated list of domains or sub-domains.
      The blacklisted domains and sub-domains are not permitted for registration.

4. To permit registration for certain domains, perform the following steps:

   1. From the Domain Rules list, select Whitelist.
   2. In the text field, enter a comma-separated list of domains or sub-domains.
      Only the whitelisted domains and sub-domains are permitted for registration.

   Important

   The changes you make while configuring the domain rules do not affect existing registrations.

5. Click Save.
   When external users try to register in an external portal by using the unsupported domains or sub-domains, the following message is displayed, and the users cannot register: This domain is not valid for registration.

To configure the email notifications

By default, the frequency of email notifications is set to Daily.

1. In the Admin console, go to Configuration > External Users.
2. Open the Settings  tab.
3. In the Email notification settings section, select the frequency of receiving notifications about new user registrations. The following options are available:
   
   • Hourly
   • Daily 
   • Per request
   • None
     
4. Click Save.
   You receive email notifications about new registrations in your external portal according to the selected frequency. 
   If the  Auto-approve new user requests setting is turned off, in the generated email, the Review requests button is displayed, as shown in the following example:
   
   
   If you click the Review requests button, you are redirected to the User Management tab with the Approval Required sub-tab opened, where you can approve or block new external users. For more information about approving external users, see Managing-access-for-external-users.

Where to go from here