Identity and Access Management (IAM)
How Can My Employees Sign In to the Mendix Platform?
You can set this up in one of two ways:
- Use a platform password, which you set during sign-up. This means you can easily get started with the Mendix Platform. Mendix applies common password complexity rules to the platform password and allows you to configure a password expiration period, after which developers will have to change their password. Two-factor authentication is applied within the Mendix Cloud for sensitive activities, including all operations on production environments.
- Use an identity federation between the Mendix Platform and your corporate Identity Provider (IdP). This allows you to provide your end-users with an end-to-end SSO experience. Mendix calls this feature BYOIDP (Bring-Your-Own-IDentity-Provider), sometimes referred to as ‘customer IdP’ or ‘customer IdP SSO’. It is available for any app using the standard or premium packages.
Features of BYOIDP SSO
BYOIDP SSO includes the following features:
- It is based on the OpenID Connect (OIDC) protocol, which supports corporate IdPs such as Azure Active Directory.
How Can I Define User Roles for My App?
There is more information on this in the How Can I Define User Roles for My App? section of Security Model.
How Do I Prevent Developers From Having Continued Access to the Mendix Platform After They Have Left My Company?
When you have set up an identity federation between the Mendix Platform and your corporate IdP, blocking the developer in your IdP will completely block access to the Mendix Platform. In this way, your central identity governance processes can also be applied to the Mendix Platform.
For more information, see the How Can I Administer My Company Within the Mendix Platform? section of Platform Security.
Which Privileged Accounts Does Mendix Have?
The most privileged accounts are user accounts with Mendix Admin rights. Mendix Administrators act at the company level, overseeing the various Mendix apps your company has created. A Mendix Administrator can use the Mendix Control Center to (de)activate users, edit their project roles, and set up App Access Groups, as well as manage settings on a tenant level for your company.
For every app you develop with Mendix, a Technical Contact is assigned. The technical contact is the first point of contact for an app and is in control of deployment settings.