How to disable OAuth Manager GUI without affecting OAuth Toolkit (OTK) functionality


Article ID: 436760


Products

CA API Gateway

Issue/Introduction

The OAuth Manager GUI (/oauth/manager) on the CA API Gateway does not natively support Multi-Factor Authentication (MFA). Customers who manage clients exclusively through the API Developer Portal may wish to disable the standalone OAuth Manager GUI for security reasons without disrupting the underlying OAuth engine or the Portal's client management capabilities.

Environment

  • Product: CA API Gateway
  • Component: OAuth Toolkit (OTK)
  • Version: All supported versions

Cause

The OAuth Manager is installed as a set of standalone service endpoints during the OTK deployment. While these endpoints provide a management interface, the core OAuth handshake and Portal-based management APIs function independently of the GUI services.

Resolution

The OAuth Manager GUI can be safely disabled by deactivating its specific service endpoints within the Layer7 Policy Manager.

Steps to Disable:

  1. Log in to the Layer7 Policy Manager.
  2. Navigate to the OAuth Manager folder in the services tree.
  3. Locate the following three service endpoints:
    • /oauth/manager
    • /oauth/manager/clients
    • /oauth/manager/tokens
  4. Right-click each service and select Disable Service.
  5. Validation:
    • Attempt to access https://<gateway_host>:<port>/oauth/manager to confirm it is no longer reachable.
    • Test Client Management via the API Developer Portal to ensure functionality remains intact.
    • Perform a test OAuth handshake (token request and validation) to verify core OTK functionality is unaffected.

Additional Information

Important Note on Upgrades: During an OTK upgrade, these service endpoints are often deleted and re-created by the installer. This process may automatically re-enable the services. It is recommended to verify and re-disable these endpoints as part of your post-upgrade checklist.
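The first validation check above, scripted so it can be repeated as part of the post-upgrade checklist. This is an added example, not part of the original article or the product. It assumes a disabled service answers HTTP 404, which the article does not state, and the names `probe`, `classify` and `check_gateway` are illustrative.

```python
import sys
import urllib.error
import urllib.request

# The three OAuth Manager GUI endpoints listed in the steps above.
MANAGER_PATHS = ("/oauth/manager", "/oauth/manager/clients", "/oauth/manager/tokens")

# Assumption: a disabled service answers 404. Confirm the status your gateway
# returns for a disabled service and adjust this set.
DISABLED_STATUSES = frozenset({404})


def probe(url, timeout=5.0):
    """Return the HTTP status for url, or None if no HTTP response arrived."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code          # 4xx/5xx still prove the gateway answered
    except OSError:
        return None              # DNS, TCP, TLS or timeout failure


def classify(status):
    """Turn a probe result into a verdict for the checklist."""
    if status is None:
        # Gateway down or wrong host/port proves nothing about the service.
        return "inconclusive"
    if status in DISABLED_STATUSES:
        return "disabled"
    # 200, 401, 403 and the like: something still handles the path.
    return "STILL ENABLED"


def check_gateway(base_url, fetch=probe):
    """Probe each manager path; return ({path: verdict}, all_disabled)."""
    results = {p: classify(fetch(base_url.rstrip("/") + p)) for p in MANAGER_PATHS}
    return results, all(v == "disabled" for v in results.values())


if __name__ == "__main__":
    # Usage: python check_oauth_manager.py https://<gateway_host>:<port>
    results, ok = check_gateway(sys.argv[1])
    for path, verdict in results.items():
        print(f"{verdict:14} {path}")
    sys.exit(0 if ok else 1)
```

A 401 or 403 counts as still enabled because the service is answering the request. The Portal client management test and the OAuth handshake test from the validation step still need to be run separately.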