Authentication and Authorization for Gateway, Policy manager and Developer portal

Article ID: 208588

Products

CA API Gateway

Issue/Introduction

We need some input on the details below:

1. How to stop using default admin user accounts and disable them from Gateway, Policy manager, Developer Portal?

2. Integration with Okta for user authentication & authorization for Gateway, Policy manager, Developer Portal administration/usage

3. Are these options available on current version or do we need to use any other version for this?

Environment

Release: 9.4, 10.x

Component: API Gateway

Resolution

1. Can we use an LDAP service, similar to Okta, for logging into the Policy Manager and Developer Portal? Also, can we manage user access from the LDAP service, i.e. determining whether the user is an admin or a developer?
Answer: Yes, LDAP users can be used to log in to the Portal.

Login to Policy Manager uses the Internal identity provider, but it can also be configured to use LDAP.

For accessing Policy Manager with LDAP credentials, the following documentation describes how to set this up:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-4/security-configuration-in-policy-manager/identity-providers/ldap-identity-providers.html 
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/security-configuration-in-policy-manager/identity-providers/ldap-identity-providers.html

On the Portal side, the following documentation describes how to add an LDAP authentication scheme:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/4-5/set-up-and-maintenance/configure-authentication-schemes/configure-lightweight-directory-access-protocol.html


2. Can we use an LDAP service instead of ssgconfig for logging into the Gateway server?
Answer: Yes, the LDAP IdP is designed for users who wish to use an existing LDAP server to authenticate requests to the Layer7 API Gateway services/API.

To use the LDAP IdP, see the available documentation:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/security-configuration-in-policy-manager/identity-providers/ldap-identity-providers.html