This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
I'm going to close this idea as it's been a while without a response. If this is an error, please open a new idea.
Thank you for taking the time to provide your ideas to IBM. We truly value our relationship with you and appreciate your willingness to share details about your experience, your recommendations, and ideas.
Hi Scott,
We've discussed this use case internally with our development and deployment experts. We have the following observations:
Our product supports authentication using LDAP, but not authorizations -- which we don't support from any external system. Your use case seems to point to authorization use cases vs. authentication.
If you are using LDAP for authentication, SFG just maps the user from LDAP to our system and they get corresponding permissions. We don't take the permissions from LDAP, but from the internal app configuration (i.e. mailbox access, read/write, etc.).
Our core SFG UI doesn't allow setting up multiple users to share multiple mailboxes - but B2Bi allows this under the covers. B2Bi lets you do almost anything in regards to access to mailboxes where SFG is more constrained for simplicity sake.
It's really more deployment specific use case and process and procedure that allows these multiple users to share multiple mailboxes. You'll need to consider changing the add/remove user process on the LDAP server that is working with SFG mailbox access to achieve the use case you're describing
Having multiple users share access is typically not a best-practice security use case and comes with risks where scenarios could happen where a user has access when they shouldn't. Over time roles and responsibilities could change causing access being granted to users when it shouldn't be. B2Bi/SFG is a toolkit that can be configured to do anything you want, but comes with the risks above when configured this way.
Let us know if you have any additional questions or if we've misunderstood your use case. Thanks again.
Hi Mark,
Thanks for the response.
We have MyFileGateway mailboxes mapped to different groups of users for example Marketing and Finance mailboxes, assigned to these mailboxes are multiple users that we assign manually. The ideal scenario would be to map LDAP OU's (i.e. one for Finance, another for Marketing) to these mailboxes and any new joiners and leavers that were under that OU would have access with their LDAP credentials to access the mailboxes mentioned.
I hope that makes sense. Happy to clarify if it doesn't.
Thank you for taking the time to provide your ideas to IBM. I truly value our relationship with you and appreciate your willingness to share details about your experience, your recommendations and ideas.
I need a little more information to understand your idea. Can you describe your use case in more detail? i.e. what would you want an administrator to do in order to onboard your external uses to MyFG.
We do have support for LDAP in SFG when configuring user accounts. General setup instructions for LDAP with SFG: https://www.ibm.com/docs/en/b2b-integrator/6.2.0?topic=gateway-implementing-ldap-in-sterling-file
And in the add partner screen, there is an option for "external" authentication type that would leverage LDAP, once configured correctly. See screenshot.
I'm looking forward to your response. Once I can develop a clear picture of your request, I'll be able to let you know if we can add your idea to our future offering roadmap.
Great idea, and could potentially lead the way to implementing ad-hoc file transfers for external participants (with limited life accounts). How can we get this accelerated?
Great idea, maintaining My FG account manually is currently heavy, LDAP support would bring good value to our customers