Apigee Management UI to be accessed internally, not through the Internet

Hi,

Are there any detailed steps for accessing the Apigee Cloud Management UI internally (i.e. within the client environment) and restricting access via the Internet?

Plus, authentication is to be done through our client AD only for the Apigee Cloud Management UI.

Our Apigee Cloud is already provisioned.

Q: For Apigee Cloud, if we restrict access to the Management UI to internal only, will it have any side effects or impacts vs. being accessible from the Internet?

Q: If it's possible, please list the steps/link or any working code (whichever is applicable).

Q: Does such an approach need to be done as a stepped approach, i.e. do it in Dev first, then test, then prod, then all higher environments?

Q: Who are the actors or departments that need to be involved from our client team if both Apigee and the client need to work on this in parallel?

1 ACCEPTED SOLUTION

The Apigee Edge cloud service is available on the internet. It cannot be restricted.

It is possible to set up your organizations to use Single Sign on. This means you would control the sign-in to the Admin UI, via your own Identity Provider (IdP). This does not prevent access via the internet.

I would recommend that yes, you test the Single Sign-on provisioning with non-production organizations first.

Contact Apigee Support for assistance.

@Dino Thanks for the reply.

I have raised the service ticket.

Logical separation of cloud is based on Organization (example dev,test,qa,uat and prod).

Can I have a separate SSO per organization, or can only the prod SSO connect to every organization?

I was not sure if each Org is capable of connecting to separate SSO instances.

Like Prod SSO with Prod Org and UAT SSO with UAT Org

or

Apigee Cloud Orgs have the capability of connecting with a single SSO irrespective of Orgs? Do we have detailed docs on the same?

You're welcome. I'm glad to be of assistance.

You can have a distinct Identity "Zone" for different subsets of organizations. So your prod org might be in one "zone" and your non-prod orgs in another zone. Signing into one zone gets you access to the orgs that are mapped to the zone.

The doc is here:

https://docs.apigee.com/api-platform/system-administration/enabling-saml-authentication-edge

Currently setting up SAML Single Sign on is something that you do with the assistance of Apigee Edge support staff. In a very short time, this will be a self-service thing; you will be able to set up zones yourself, configure the IdPs, map the organizations, and so on. At that time the options will be much more thoroughly documented.