IP & user filtering for custom configuration service
We have a Creatio installation on Creatio SaaS cloud with a few custom configuration services we have built. The security requirements are very stringent and we need to be able to permit access to these custom configuration services only to a few users & only to a few IPs. Pls find below questions in this regard -
- From what we understand, access to the GUI application and to the back end services are shared across the same Creatio credentials (via user setup). Can we disable GUI access to a few users and only enable access to these specific custom configuration services? Also, can we disable access to these configuration services for all other GUI users? In short - A few users only for these configuration services. A few users only for the GUI.
- We would like to permit only certain IPs access these configuration services. This can be handled in 4 layers - Network infrastructure layer (Load balancer etc), IIS Configuration on the WebServer, Explicitly verify and restrict access to certain IPs inside the configuration service logic. Which of these 3 is recommended from a feasibility & security perspective on Creatio SaaS cloud?
Thanks in advance