Show TOC

Security ConsiderationsLocate this document in the navigation structure

Use

When implementing an external-facing portal, you must carefully consider the following issues:

  • You must allow access to anonymous and self-registered users, and select the content to provide to each type of user.

  • The network on which the portal runs must be available to the general public but access to the company's internal network must be blocked to unauthorized users.

Anonymous and Self-Registered Users

In addition to registered users, an external-facing portal can be accessed by the following types of users:

  • Anonymous Users: Users who can view content without providing a user name and password.

    These users are automatically assigned to a particular user (the default anonymous user is Guest ).

    For more information about setting up the portal to allow anonymous users, see Using Anonymous Logon to Access the Portal .

  • Self-Registered Users: Users who enter as anonymous users, and then register with the portal. During registration, users set a user name and password. In subsequent visits to the portal, users log in with this user name and password.

    These users are automatically assigned to a particular group (the default group for registered users is Everyone ).

    For more information about assigning self-registered users to specific groups, see Self-Registration .

Exposing the Portal to the Internet

An external-facing portal is available to the general public, exposing the portal to users outside the company's network.

Secure the system landscape, for example, by configuring HTTP services and firewalls for external access. For more information, see the Portal Security Guide .