Limit OAuth Manager Portal access when NOT using a DMZ gateway


Article ID: 126382




STARTER PACK-7 CA Rapid App Security CA API Gateway


I'm reaching out to see if there is a way to limit the exposure of the .../oauth/manager portal to isolate its access when it is only accessible within the internal network. Currently, our oauth manager portal is accessible from anywhere via the URL:; is there any way to do this?

Note we are not using the DMZ/internal design approach for our solution.



OTK Kit 4.2 


The DMZ / Internal design is the out-of-the-box approach; when installing, it allows for selecting services for DMZ and internal access.

However, there is another, customizable approach.

The attached policy export can be used to limit OAuth Manager access by IP address range (NOTE: the policy is provided AS IS).

We suggest importing the policy into a temporary location, then copying the "At least one assertion must evaluate to true" assertion to Folder: OTK -> Customization -> oauth manager -> #oauth manager config. This policy runs when OAuth/Manager is accessed; by default it contains only comments.

To customize access, modify line 8 and enter the IP address range (example

<Please see attached file for image>

OAuth manager access
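
As an added illustration (not the attached policy and not CA code), the following Python example models an IP-range allow list combined under an "at least one must evaluate to true" group, so candidate ranges can be checked against test addresses before they are entered in the policy. It assumes the ranges are written in CIDR notation; the ranges, probe addresses and function names are constructed for this example.

```python
import ipaddress

# Constructed sample ranges (RFC 1918 space); replace with your internal networks.
ALLOWED_RANGES = ["10.20.0.0/16", "192.168.50.0/24"]


def parse_ranges(cidrs):
    """Parse CIDR strings strictly, so a typo such as 10.20.1.5/16 is rejected."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def normalize(addr):
    """Return an ip_address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def manager_access_allowed(client_ip, ranges):
    """Model of an 'at least one must evaluate to true' group of range checks.

    Each range is one branch; the request passes if any branch matches.
    Anything that cannot be parsed is denied (fail closed).
    """
    try:
        ip = normalize(client_ip)
    except ValueError:
        return False
    return any(ip in net for net in ranges)


def audit(ranges, probes):
    """Return {address: allowed} for a list of test addresses."""
    return {p: manager_access_allowed(p, ranges) for p in probes}


if __name__ == "__main__":
    nets = parse_ranges(ALLOWED_RANGES)
    # Constructed probe addresses: inside, just outside, range edge,
    # external, IPv4-mapped IPv6, and malformed input.
    probes = ["10.20.3.7", "10.21.0.1", "192.168.50.255",
              "203.0.113.9", "::ffff:10.20.3.7", "bogus"]
    for addr, ok in audit(nets, probes).items():
        print(f"{addr:>20}  {'ALLOW' if ok else 'DENY'}")
```

If a load balancer or proxy sits in front of the gateway, the address the policy evaluates may be the proxy's rather than the client's, so confirm which address is seen before relying on the range.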


1558687256593000126382_sktwi1f5rjvs16f8f.png
1558537068358OAuth_customization-manager_access.xml