Manage API Gateway users

Overview

The Users and Groups node in the Configuration Studio tree enables you to manage API Gateway users and groups, which are stored in the API Gateway user store. These settings are environment-specific, and typically need to be configured during promotion to an upstream environment.

By default, the API Gateway user store contains the configuration data for managing API Gateway user information. The API Gateway user store is typically used in a development environment, and is useful for demonstration purposes.

In a production environment, user information may be stored in existing user Identity Management repositories such as Microsoft Active Directory, Oracle Access Manager, CA SiteMinder, and so on. For more details, see the relevant API Gateway Integration Guide.

Note   API Gateway users provide access to the messages and services protected by API Gateway. However, admin users provide access to the API Gateway configuration management features available in Policy Studio, Configuration Studio, and API Gateway Manager. For more details, see the API Gateway Administrator Guide.

API Gateway users

API Gateway users specify the user identity in the API Gateway user store. This includes details such as the user name, password, and X.509 certificate. API Gateway users must be a member of at least one user group. In addition, users can specify optional attributes, and inherit attributes at the group level.

To view all existing users, select the Environment Configuration > Users and Groups > Users node in the tree. The users are listed in the table on the main panel. You can find a specific user by entering a search string in the Filter field.

Add API Gateway users

You can create API Gateway users on the Users page. Click the Add button on the right.

To specify the new user details, complete the following fields on the General tab:

  • User Name:
    Enter a name for the new user.
  • Password:
    Enter a password for the new user.
  • Confirm Password:
    Re-enter the user's password to confirm.
  • Signing Key:
    Click to load the user certificate from the Certificate Store. For details on how to create and import certificates, see Manage X.509 certificates and keys.

You can also specify optional user attributes on the Attributes tab, which is explained in the next section.

API Gateway user attributes

You can specify attributes at the user level and at the group level on the Attributes tab. Attributes specify user configuration data (for example, attributes used to generate SAML attribute assertions).

The Attributes tab enables you to configure user attributes as simple name-value pairs. The following are examples of user attributes:

  • role=admin
  • email=steve@axway.com
  • dept=eng
  • company=axway

You can add user attributes by clicking the Add button. Enter the attribute name, type, and value in the fields provided. The Encrypted type refers to a string value that is encrypted using a well-known encryption algorithm or cipher.

API Gateway user groups

API Gateway user groups are containers that encapsulate one or more users. You can specify attributes at the group level, which are inherited by all group members. If a user is a member of more than one group, that user inherits attributes from all groups (the superset of attributes across the groups of which the user is a member).

To view all existing groups, select the Environment Configuration > Users and Groups > Groups node in the tree. The user groups are listed in the table on the main panel. You can find a specific group by entering a search string the Filter field.

Add API Gateway user groups

You can create user groups on the Groups page. Click the Add button on the right to view the Add Group dialog.

To specify the new group details, complete the following fields on the General tab:

  • Group Name:
    Enter a name for the new group.
  • Members:
    Click the Add button to display the Add Group Member dialog, and select the members to add to the group.

You can also specify optional attributes at the group level on the Attributes tab. For more details, see API Gateway user attributes.

Update API Gateway users or groups

To edit details for a specific user or group, select it in the list, and click the Edit button on the right. Enter the updated details in the Edit User or Edit Group dialog.

To delete a specific user or group, select it in the list, and click the Remove button on the right. Alternatively, to delete all users or Groups, click the Remove All button. You are prompted to confirm all deletions.

Related Links