By securing your Add-ons feature, you restrict access to the user interface or the API to only authenticated and authorized users.
In Tridion Sites 9.5 and later, the Add-ons feature connects to an external identity provider through the Access Management application. The process of securing the Add-ons feature involves tasks to configure the Add-ons connection to Access Management. In addition, the setup process involves some configuration changes in Content Management and Content Delivery.
Important: We strongly recommend that you secure the Add-ons feature and only run it without security on a development environment. If you run the Add-ons Service without security, the product has only minimal security measures set up. Users who access the Add-ons screens will permanently see a message at the top of the screen alerting them that they are running a security risk. As a very basic security measure for an unsecured Add-ons Service, you can restrict access to the Add-ons screens and the Add-ons Service API to a specific machine or machines. For example, you could allow access only from localhost. This effectively hides the Add-ons Service from the outside world.