Edge UI RBAC - External Entitlement System like LDAPGroups

Hi All,

This is my first post at Apigee community.

We have chosen Apigee Edge Private Cloud as our path for an enterprise API platform solution.

Edge UI is consumed by multiple application teams in our organization for exposing their API services; eventually it will be 500 to 100 API proxies.

We would like to restrict API Service team's user experience through RBAC:

Team1 builds 5 API proxies

Team2 builds 2 API proxies

When a Team1 user logs into Edge UI:

1. Need to show only their proxies and allow them to manage those. (Can be done through Organization Roles.)

For RBAC: we would like to maintain a master record of roles in Apigee. As an organization, we have an entitlement system at a central place.

When a user logs into Edge UI, we would like to sync those groups.

Found a RoleMapper interface implementation to pull LDAPGroups and map them to Apigee Organization Roles.

https://community.apigee.com/questions/29274/apigee-edge-integration-with-active-directory-for.html

2. Need to hide a couple of navigation links like SharedFlows, Environment.. (Right now there is no way.)

Alternative workaround: creating two Edge UI instances (node1, node2)

node1 - with CSS changes in enterpriseui.enterpriseui-4.19XXX-assets.jar, will be given to API Service teams for access.

node2 - Edge UI without any customization, will be used by the API Admin team.

I am not sure whether the above use case is a common requirement when we choose an API platform at enterprise level.

If anyone has come across the same, please share your thoughts; that will help us in the right direction.

Also, it would be a great help if the Apigee Community would think of this as a feature for the next release, as it allows easy integration with existing systems.

1. Avoiding any RoleMapper code changes; it should be driven by LDAP configuration at the time of Edge SSO LDAP as IDP.

2. Edge SSO should allow any SAML assertion attributes to be mapped to roles in Apigee.

3. Provide a feature for co-branding and easy customization of Edge UI, and allow navigation links and actions based on roles.
