Dual control on APIGEE Edge


Hi All,

Is there a way to implement dual control on APIGEE edge?

We are working with a financial customer and they have very strict RBAC policies. Most of the systems in the organization follow dual control when it comes to giving access to sensitive resources.

Is there a way to enable dual control on APIGEE edge? If not, then maybe it's a good idea to consider it in the roadmap 😉


Apigee Edge itself does not provide explicit support for dual control actions for administrative tasks.

However, in most cases, security-sensitive customers implement their own "dual control" systems on top of the foundational security of Apigee Edge and the customer's own source code control system.

For example, in many cases, routine changes to the production Apigee Edge system can be permitted only via automated scripts - via the "pipeline". There is a strictly limited set of users - some of them headless - that are permitted to perform actions to the production system, like:

  • Import an API Proxy
  • Deploy or undeploy an API Proxy
  • Create an API Product
  • Change a value in the KVM
  • Create or change a setting in a virtual host or TargetServer
  • and so on.

There is a separate set of users that is permitted to request such changes. "Requests" for such changes are created by modifying configuration settings and checking those settings into the source-code control system. A build system like Jenkins will run a CI/CD pipeline to perform tests and verification, before finally propagating those changes into the production system.

You said,

"Most of the systems in the organization follow dual control when it comes to giving access to sensitive resources."

The above CI/CD approach would satisfy your requirements, I think. Do you agree?
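As an added illustration of the pipeline-based approach described above (this is example code, not part of the original thread or of any Apigee product), the Jenkinsfile below lets only a headless deploy credential touch production, and requires that a member of an approver group other than the committer approves the change before that credential is used. The organization name, environment, credential id, group name and proxy name are assumed placeholders, and it assumes Jenkins user IDs match the git author email string.

```groovy
// Declarative Jenkins pipeline enforcing two-person control before an
// Apigee Edge production deployment (example code, not the original thread's).
pipeline {
  agent any
  environment {
    APIGEE_ORG = 'example-org'        // assumed placeholder
    APIGEE_ENV = 'prod'               // assumed placeholder
    PROXY_NAME = 'example-proxy'      // assumed placeholder
  }
  stages {
    stage('Test') {
      steps {
        // Automated checks run before any human is asked to approve.
        sh 'npm test'
      }
    }
    stage('Approve') {
      steps {
        script {
          // The "request" is the commit that was checked in; record who made it.
          env.REQUESTER = sh(returnStdout: true,
                             script: 'git log -1 --pretty=%ae').trim()
          // Only members of the approver group can satisfy this input step;
          // submitterParameter returns the approving user's ID.
          def approver = input(message: "Deploy ${env.GIT_COMMIT} to ${env.APIGEE_ENV}?",
                               submitter: 'apigee-release-approvers',   // assumed group
                               submitterParameter: 'APPROVER')
          // Dual control: the requester may never approve their own change.
          if (approver == env.REQUESTER) {
            error "Dual control violated: ${approver} cannot approve their own change"
          }
          env.APPROVER = approver
          echo "Change by ${env.REQUESTER} approved by ${env.APPROVER}"
        }
      }
    }
    stage('Deploy') {
      steps {
        // The headless deploy user's credentials live only in Jenkins;
        // no interactive user holds this role in production.
        withCredentials([usernamePassword(credentialsId: 'apigee-deploy-bot', // assumed id
                                          usernameVariable: 'APIGEE_USER',
                                          passwordVariable: 'APIGEE_PASS')]) {
          sh '''
            apigeetool deployproxy -u "$APIGEE_USER" -p "$APIGEE_PASS" \
              -o "$APIGEE_ORG" -e "$APIGEE_ENV" -n "$PROXY_NAME" -d ./apiproxy
          '''
        }
      }
    }
  }
}
```

The same Approve stage can sit in front of any of the other pipeline-driven actions listed above (KVM values, API Products, TargetServer settings), with the build log serving as the audit record of who requested and who approved each change.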

@Dino

I see that for development and deployment we can achieve this via Jenkins.

What about user administration?

We have created a user admin to manage users associated with roles and wanted to implement dual control for that. Can you give some input on that?

I was also wondering whether removing all users from the Org admin role (except the dev-admin user) will have any impact. We have created all the roles required for development and deployments, and all roles have access to the proper management APIs.

What about Apigee Support and Apigee Sense? I think access to these portals is restricted to org-admins only.