Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New IA - Portal Section #5863

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions tyk-docs/config.toml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ enableGitInfo = true
disableKinds = ["term","taxonomy"]
canonifyURLs = false
timeout = "60s"
refLinksErrorLevel = "WARNING"
refLinksNotFoundURL = ""
[params]
GithubEdit = "https://github.com/TykTechnologies/tyk-docs/edit/master/tyk-docs/content/"
GithubReadOnly = "https://github.com/TykTechnologies/tyk-docs/blob/master/tyk-docs/content/"
Expand Down
36 changes: 36 additions & 0 deletions tyk-docs/content/developer-support/faq.md
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,42 @@ This section lists commonly asked questions or frequently encountered issues and
- For *Amazon RDS* users, check their [backup and restore documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.BackupRestore.html). To further enhance your PostgreSQL backup process, you can explore services like [AWS RDS Automated Backups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html) if you're hosting your database on AWS.
- For *CosmosDB* users check their [online backup and on-demand data restore documentation](https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/concepts-backup)

## Enterprise Developer Portal

1. **What happens if the Portal goes down ?**

In the event of the portal application being down, the other components of the Tyk Stack will remain unaffected.
This means your APIs will still be operational, and analytics will continue to be recorded.
Developers will also be able to use their credentials for both oAuth2.0 and API Keys APIs.

However, since the portal application is down, developers won't be able to access their credentials or the analytical dashboard, request access to new API Products, or revoke or rotate their access credentials.
Additionally, admin users won't be able to use the portal, whether through its UI or APIs.
This means you won't be able to create, change, or remove any item managed by the portal, such as developers, organizations, content pages, API Products, plans, and more.

Despite this, you still have some control over access credentials.
If you need to rotate or remove access credentials, you can do so directly in the Tyk Dashboard or in your identity provider.

2. **What happens if the Dashboard goes down ?**

If the Tyk Dashboard goes down, developers will still be able to access their access credentials, but they won't be able to rotate or remove their existing credentials, or request access to API Products.
Additionally, the API Analytics dashboard will be compromised.

However, API traffic will remain unaffected, meaning that your APIs will continue to be operational, and analytics will continue to be recorded.

In terms of admin functionality, the only limitation will be the inability to approve or reject access requests or revoke or rotate access credentials.


3. **Does the portal support SQL databases for storing the portal's CMS assets ?**

{{< note success >}}
**Note**

Tyk no longer supports SQLite as of Tyk 5.7.0. To avoid disruption, please transition to [PostgreSQL]({{< ref"planning-for-production/database-settings/postgresql#introduction" >}}), [MongoDB]({{< ref "planning-for-production/database-settings/mongodb" >}}), or one of the listed compatible alternatives.
{{< /note >}}

The Enterprise Developer Portal supports SQL databases (MariaDB, MySQL, and PostgreSQL) for storing the portal's CMS assets.
During the bootstrap process, the portal will create the appropriate tables in the main database. The only thing required to enable SQL storage for the portal's assets is to specify the `db` [storage type]({{< ref "/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal_storage" >}}) either via a config file or an environment variable.

## Tyk Gateway

1. **How to Check Your Gateway Version ?**
Expand Down

Large diffs are not rendered by default.

3,097 changes: 3,097 additions & 0 deletions tyk-docs/content/portal/customization.md

Large diffs are not rendered by default.

367 changes: 367 additions & 0 deletions tyk-docs/content/portal/developers.md

Large diffs are not rendered by default.

1,852 changes: 1,852 additions & 0 deletions tyk-docs/content/portal/install.md

Large diffs are not rendered by default.

417 changes: 417 additions & 0 deletions tyk-docs/content/portal/overview.md

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -1,22 +1,73 @@
---
title: "Enable single sign on for admin users and developers"
date: 2022-02-10
tags: ["Tyk Developer Portal","Enterprise Portal", "single sign on", "SSO"]
description: "How to enable single sign on for admin users and developers"
menu:
main:
parent: "Manage API Users"
weight: 4
title: "Developer Portal Settings"
date: 2022-12-28
tags: ["Tyk Developer Portal","Enterprise Portal","Email","Notifications"]
aliases:
- /tyk-stack/tyk-developer-portal/enterprise-developer-portal/getting-started-with-enterprise-portal/setup-email-notifications
description: ""
---

{{< note success >}}
**Tyk Enterprise Developer Portal**

If you are interested in getting access, contact us at [[email protected]](<mailto:[email protected]?subject=Tyk Enterprise Portal Beta>)
If you are interested in getting access contact us at [[email protected]](<mailto:[email protected]?subject=Tyk Enterprise Portal Beta>)

{{< /note >}}

## Introduction
## Email Configuration

Configuring the emailing settings is necessary for the portal to send notifications to admin users and API consumers.
Once the configuration is finished, the portal will send emails upon the following events:
* Password reset;
* New access request;
* Access request approved;
* Access request rejected;
* Pending user registration request;
* Invitation to a user to register in the portal;
* User account is activated;
* User account is deactivated;
* New organization registration request is created;
* Organization registration request is accepted;
* Organization registration request is rejected.


**Prerequisites**

Before setting up the emailing configuration, you need your email server up and running.
To complete the email setup, you will need the following information about your SMTP server:
* Address of your SMTP server;
* A port on which it accepts connections;
* Username and password to connect to your SMTP server.

### Portal Admin User Notifications

To start with, you need to configure an email address where the portal will send notifications for admin users: new API Product access requests, new organization registration requests, and so on.
For that, you need to navigate to the General section in the Setting menu, scroll down to the Portal admin notification address, and specify the admin email address in the Portal admin email field.
{{< img src="img/dashboard/portal-management/enterprise-portal/admin_email_settings.png" alt="Portal admin notification address settings" >}}

### Outbound Mailing

#### The default from email

To enable the portal to send notifications to admin users and API Consumers, you need to specify the outbound email address in the Default Email From field.
No notifications will be sent until the Default Email From field is specified.
{{< img src="img/dashboard/portal-management/enterprise-portal/default_from_email_settings.png" alt="Default from email settings" >}}

#### Email Subjects

Once the default from email is configured, you can specify subjects for notifications.
If you don’t, the default subjects will be used for email notifications.
{{< img src="img/dashboard/portal-management/enterprise-portal/email_subjects_settings.png" alt="Email subject settings" >}}

#### SMTP Server Settings

Once the default from email, the admin notification email, and the subjects for outbound emails are configured, you need to configure settings for the SMTP server.
To do so, navigate to the SMTP setting section in the Settings/General menu and specify:
* Your SMTP server host and port;
* The SMTP username and password if authentication is configured for your SMTP server.
{{< img src="img/dashboard/portal-management/enterprise-portal/smtp_settings.png" alt="SMTP settings" >}}

## Configure Developer Portal SSO
Single sign-on (SSO) enables users to access multiple applications using one set of login credentials,
reducing the burden of password management and improving security. SSO is relevant for businesses of all sizes,
streamlining access control and improving user experience. Regardless of your organization's size, implementing SSO can enhance security,
Expand All @@ -25,11 +76,11 @@ simplify access to enterprise resources, and strengthen user satisfaction.

In this section, you’ll learn how to enable single sign-on for admin users and developers in the Tyk Enterprise Developer portal with 3rd party identity providers (IDPs).

## Prerequisites
**Prerequisites**
- A Tyk Enterprise portal installation
- [Supported](https://github.com/TykTechnologies/tyk-identity-broker#using-identity-providers) 3rd party identity provider up and running

## Configure Tyk Enterprise Developer portal for SSO
### Configure Tyk Enterprise Developer portal for SSO
Configuration on the portal side is quite straightforward. You need to specify the portal SSO API secret that acts as a credential for the APIs that are used by TIB for communication with the portal within Single Sign-On flow.
You can use any value for the portal SSO API secret, but it should be consistent with [TIB configuration]({{< ref "tyk-stack/tyk-developer-portal/enterprise-developer-portal/managing-access/enable-sso#configure-tyk-identity-broker-to-work-with-tyk-enterprise-developer-portal" >}}).

Expand All @@ -45,20 +96,20 @@ extraEnvs:
value: "your-portal-api-secret"
```

## Configure Tyk Identity Broker to work with Tyk Enterprise Developer Portal
### Configure Tyk Identity Broker to work with Tyk Enterprise Developer Portal
The Tyk Enterprise Developer portal uses the [Tyk Identity Broker](https://tyk.io/docs/tyk-identity-broker/) to work with various Identity Management Systems, such as LDAP,
Social OAuth (e.g., GPlus, Twitter, GitHub), or Basic Authentication providers. Therefore, to configure Single Sign-On for the portal,
you need to install and configure Tyk Identity Broker first. Follow these steps to achieve this:

### Install Tyk Identity Broker
#### Install Tyk Identity Broker
Please refer to [the TIB installation guide documentation]({{< ref "tyk-identity-broker/getting-started#installing-tib-as-separate-application" >}}) for different installation options:
- [Docker](https://hub.docker.com/r/tykio/tyk-identity-broker/#the-tibconf-file)
- [packages](https://packagecloud.io/tyk/tyk-identity-broker/install#bash-deb)
- [Tyk helm chart]({{< ref "tyk-identity-broker/getting-started#via-helm-chart-for-kubernetes" >}})

### Specify TIB settings to work with the Tyk Enterprise Developer portal
#### Specify TIB settings to work with the Tyk Enterprise Developer portal

#### Docker or packages
##### Docker or packages

Create tib.conf file for [the Docker installation](https://hub.docker.com/r/tykio/tyk-identity-broker/#the-tibconf-file) or if you use [packages](https://packagecloud.io/tyk/tyk-identity-broker/install#bash-deb) to deploy TIB:
```.json
Expand Down Expand Up @@ -98,7 +149,7 @@ Setting reference:
- **TykAPISettings.DashboardConfig.AdminSecret** is `PortalAPISecret` in the configuration file of the Developer portal.

The full reference for the configuration file is in [the TIB section of the documentation]({{< ref "tyk-configuration-reference/tyk-identity-broker-configuration" >}}).
#### Helm charts
##### Helm charts
If you wish ot deploy TIB in Kubernetes via [Tyk helm chart]({{< ref "tyk-identity-broker/getting-started#via-helm-chart-for-kubernetes" >}}), you need to specify TIB config as extraVars:
```.yaml
extraEnvs:
Expand Down Expand Up @@ -132,15 +183,15 @@ extraEnvs:

The full reference for the configuration file is in [the TIB section of the documentation]({{< ref "tyk-configuration-reference/tyk-identity-broker-configuration" >}}).

## Configure Single Sign-On for admin users and developers
### Configure Single Sign-On for admin users and developers

### What is the Tyk Identity Broker profile
#### What is the Tyk Identity Broker profile
The Tyk Identity Broker (TIB) uses [profiles]({{< ref "tyk-stack/tyk-identity-broker/about-profiles" >}}) to define details related to the identity provider such as its type and access credentials, and instructs TIB on how to treat users that try log in with that provider.
In this guide, you will create two TIB profiles for admins users and developers. This allows you to have different identity providers for admins and developers as well as for internal and external users.

Depending on your installation options for TIB, you need to specify profiles via a json file (for Docker or packages) or via a ConfigMap (for Tyk Helm Chart).

#### profiles.json for Docker or packages installation
##### profiles.json for Docker or packages installation
Here is an example of profiles.json file for Docker or packages installation:
```.json
[
Expand Down Expand Up @@ -194,7 +245,7 @@ Here is an example of profiles.json file for Docker or packages installation:
]
```

#### ConfigMap for Tyk Helm chart installation
##### ConfigMap for Tyk Helm chart installation
Here is an example of ConfigMap for the Tyk Helm chart installation:
```.yaml
apiVersion: v1
Expand Down Expand Up @@ -252,7 +303,7 @@ data:
}]
```

### Configure Single Sign-On for admin users
#### Configure Single Sign-On for admin users
The Tyk Enterprise Developer portal has two audiences: developers and admins. This section provides guidance on implementing
Single Sign-On for admin users. The configuration is rather straightforward, and you need to take these three steps
to enable Single Sign-On for admin users in your portal instance:
Expand Down Expand Up @@ -334,11 +385,11 @@ Here is an example of such page that works with a profile for LDAP identity mana
```
3. Now you should be able to log in to the portal with your identity provider as an admin user

### Configure Single Sign-On for developers
#### Configure Single Sign-On for developers
This section relates to configuration and settings required to set up Single Sign-On for developers. Configuration for developers is also straight forward.
However, for developers there is one additional.

#### User group mapping
##### User group mapping
In order to land a developer into the right API Consumer organization, it is necessary to configure the UserGroupMapping
in the TIB profile that creates a binding between user groups in your IDP and developer teams in the portal.

Expand All @@ -364,7 +415,7 @@ To determine whether a developer should be allowed to log in and which team they
{{< img src="/img/dashboard/portal-management/enterprise-portal/user-group-mapping-algorithm.png" alt="User group mapping algorithm" width="1000">}}


#### Configure profile to enable Single Sign-On for developers
##### Configure profile to enable Single Sign-On for developers
Follow these steps to enable Single Sign-On for developers:
1. Create a profile for the Tyk Identity Broker (TIB) to work on your identity provider. Make sure the ActionType is equal to "GenerateOrLoginUserProfile", and OrgID is equal to "0":
```.json
Expand Down
Loading
Loading