Introduction
This article explains iPaaS SecurityAudience
It is assumed that readers of this article know about iPaaS platform (webMethods.io)Prerequisites
Cloud Integration: Cloud integration services have become a critical business priority as enterprises everywhere are increasingly turning to Software-as-a-Service (SaaS) applications like Salesforce.com®, ServiceNow® and SuccessFactors®. Successful cloud integration enables companies to avoid creating new silos of information in the cloud applications and to maintain the highest levels of security and reliability when connecting with cloud solutions. Software AG is committed to providing the highest level of security when connecting to Software AG iPaaS platform (webMethods.io) and when connecting to other systems using Software AG iPaaS platform (webMethods.io).webMethods.io integration lies under the umbrella of Software AG Cloud and Software AG Cloud is
responsible for user’s accessibility, SSO and environments.
When we choose webMethods.io subscription a user is created with limited access.
Software AG Cloud: Software AG Cloud provides the option where we can manage the users, roles, Policies.
Users: We can add the user in the Software AG Cloud and can govern them by assigning the
appropriate roles.
Roles: Software AG Cloud provides the option to access different cloud products with specific access.
For example, we can provide the access to the cloud as a developer and not giving any special privileges. Apart from the developer access Software AG Cloud also provides the role like
- Cloud Tenant Administrator: When this role is assigned to the user, it can be used for deploying the assets from one tenant to other tenants.
- Account administrator: Account administrator is a superset for all user privileges. When this role is assigned to the user, it can be used for managing the environments, users and deployment activities.
SSO: Software AG Cloud provides the option to integrate different third-party identity provider system like Azure AD, Okta to implement the SSO login.
Environments: Software AG Cloud provides the option to integrate one environment to other environments for example linking one tenant to another tenant. Once the tenants are linked the assets can be published from one tenant to another tenant.
Integration:
In webMethods.io we provide multiple levels of security according to the user and the role associated with it.
Within webMethods.io we provide the option to secure our APIs, connector accounts, and many more.
Connector Accounts: In webMethods.io whenever we connect to a different SAS application then we need to configure the accounts. While configuring these accounts webMethods.io provide the option to connect the application using different security mechanism like basic Auth, SSL, multi-factor authentication, etc.
For example, if we want to connect salesforce, the salesforce connector provides multiple options for authentication as shown below in the screenshot.
Role/User Management in webMethods.io (Project access Permissions ): webMethods.io provides the option to restrict access to the project based on user and roles assigned to it.
Webhook : In webMethods.io when we develop the workflow it provides the option of how we want to secure our webhook API. We can secure it by using our tenant credentials or we can secure it by using the API key which gets added to the URL of webhook .
REST / SOAP APIs: webMethods.io provides the option to secure your API’s using multiple authentication mechanism like basic Auth, OAuth and many more.
Flow exposed as HTTP: In webMethods.io when we develop the FlowService, it provides the option to invoke those API using http endpoints. To connect to the flow service, we need to use basic authentication.
Audit Log: In webMethods.io under the monitor tab we have the option for audit logs. This audit log is quite useful for tracking the changes done in any of the projects on the tenant.
Connector CLI / Login/developer key: webMethods.io also provides the option to connect to the tenant using CLI commands. CLI will ask the developer key to connect to webMethods.io Integration.