IAM Firewall

If you are hosting your own IAM, then place a firewall in front of it. Only CUE User Manager needs to make OIDC requests to the IAM. All UM clients, including CUE Content Store, CUE Editor and CUE Print, make authentication, authorization and user identity requests to CUE User Manager only. The firewall must therefore be configured to:

  • Block incoming requests to all the OIDC endpoints listed in your OpenID service discovery documents that originate from any client other than CUE User Manager.

  • Block end-user access to every part of your IAM except the login pages.
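
One way to express these two rules as a testable policy, shown as an added example that is not part of the original documentation or CUE's own code: it derives the block list from a discovery document and evaluates requests against it. The discovery document, the User Manager address, the login path and the default-deny fallback are constructed assumptions.

```python
import ipaddress
import json
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed sample discovery document; host and paths are hypothetical.
DISCOVERY_JSON = """{
  "issuer": "https://iam.example.test/realms/cue",
  "authorization_endpoint": "https://iam.example.test/realms/cue/oidc/auth",
  "token_endpoint": "https://iam.example.test/realms/cue/oidc/token",
  "userinfo_endpoint": "https://iam.example.test/realms/cue/oidc/userinfo",
  "jwks_uri": "https://iam.example.test/realms/cue/oidc/certs",
  "response_types_supported": ["code"]
}"""

UM_SOURCES = [ipaddress.ip_network("10.0.5.20/32")]  # assumed User Manager address
LOGIN_PREFIX = "/realms/cue/login"                   # assumed login page location


def normalise(raw_path):
    """Strip the query, decode percent-escapes and collapse ../ segments."""
    return posixpath.normpath(unquote(urlsplit(raw_path).path) or "/")


def oidc_paths(discovery_json):
    """Paths of every endpoint URL advertised in the discovery document."""
    doc = json.loads(discovery_json)
    return {
        normalise(value)
        for key, value in doc.items()
        if isinstance(value, str) and (key.endswith("_endpoint") or key == "jwks_uri")
    }


def is_allowed(src_ip, raw_path, endpoints):
    """Apply the two rules above; anything else is denied (example's default)."""
    from_um = any(ipaddress.ip_address(src_ip) in net for net in UM_SOURCES)
    path = normalise(raw_path)
    if path in endpoints:
        return from_um  # rule 1: OIDC endpoints are reachable by User Manager only
    # rule 2: the login pages are the only part end users may reach
    return path == LOGIN_PREFIX or path.startswith(LOGIN_PREFIX + "/")


if __name__ == "__main__":
    endpoints = oidc_paths(DISCOVERY_JSON)
    for src, path in [("10.0.5.20", "/realms/cue/oidc/token"),
                      ("203.0.113.7", "/realms/cue/oidc/token"),
                      ("203.0.113.7", "/realms/cue/login/form?lang=en"),
                      ("203.0.113.7", "/realms/cue/login/%2e%2e/oidc/token")]:
        print(src, path, "ALLOW" if is_allowed(src, path, endpoints) else "BLOCK")
```

Paths are normalised before matching so that a request that starts with the login prefix but resolves to an OIDC endpoint is judged on the path it resolves to.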