Implementing Access Management
Tridion Access Management (or simply Access Management) provides implementors with a simplified approach to identity management and gives administrators a central location for ongoing management of access to applications. Implementing Access Management involves configuring identity providers in Access Management, securing Access Management itself, configuring logging, and making other types of configuration adjustments.
- Securing the Access Management feature
To secure the Access Management feature itself, you need to enable HTTPS and create at least one identity provider within Access Management. We recommend that you do this during the implementation phase, immediately after installing the feature; however, you can also do these tasks at any time after installation.
- Creating and modifying identity providers
An Identity Provider (IdP) is typically set up shortly after installing the Access Management software. You can modify this IdP, as needed, such as to complete or adjust the access settings for the various applications. You can also configure additional IdPs. Access Management supports as many IdPs as needed for each implementation of Tridion Sites.
- Setting up HTTPS for Access Management
When you first install Access Management, it is unsecured. In a production environment, RWS strongly recommends that you enable HTTPS for a secure connection. How you enable and configure HTTPS depends on whether Access Management is installed as a Windows Service or as an IIS website.
- Configuring logging for Access Management
By default, the log level is set to Warn, which means that warnings, as well as critical and non-critical errors, are logged. To change the detail level of the log messages, modify the application settings configuration file, appsettings.json. To configure any other aspect of logging, modify the file nlog.config in the same folder.
- Add custom bootstrap data to Access Management
Create a custom bootstrap file to automatically add your custom data to Access Management whenever the application starts up.
- Modifying encrypted data in the Access Management configuration file
Sensitive data stored in the appsettings.json file for Access Management is encrypted by default. Using the AppSettingsProtector tool, you can decrypt the file, modify the sensitive data, and then encrypt it again.
- Updating the Access Management navigation shortcut
When you enable the Access Management feature while installing Content Manager, you are required to provide a URL for the service. One use of the URL is to create a shortcut on the slide-out navigation of the Classic user interface. If the underlying URL changes, you need to manually update the shortcut in the manifest.xml file.
- Configuring the Access Management database for integrated authentication for Content Manager
While installing or configuring Access Management, you may have set up integrated authentication to the SQL Server database. If so, you can now configure the database server itself to complete the configuration of integrated authentication for Content Manager.
- Access Management configuration reference
In the appsettings.json file for Access Management, you can define custom configuration for the Access Management application within the Tridion Sites environment.
- Access Management API
Use the Access Management API if you want to interact with Tridion Access Management programmatically rather than through the user interface. We provide the API definition in the OpenAPI JSON format, and provide reference documentation as well.
- BFF web app clients to Access Management
When you have a front end that needs to interact with Core Service.REST, the most secure way to do this is to build a BFF web app that is a client to Access Management.