How secure is it to allow access to Service Center, LifeTime, and AI Mentor Studio from the open internet?
What are the industry security standards that most developers follow? Do they typically restrict access using VPNs, limit access to specific IPs, or enforce MFA?
Could you provide some best practices for implementing secure access?
Hi Priya,
It is very secure. In my OutSystems career I never heard that there were critical security vulnerabilities regarding accessing the OutSystems tools. OutSystems does pentest their applications. A full description of all security-related activities, procedures and certifications regarding security of the OutSystems platform can be found here: OutSystems Trust Center | Powered by SafeBase.
Regards,
Daniel
Hello Priya,
Daniel has already replied with relevant information about it being safe to have Service Center and LifeTime available on the Internet, but if you still want to implement some hardening measures and best practices like you mentioned, I will leave a few suggestions.
To restrict access to Service Center and LifeTime from specific IP addresses or subnets at the platform level, you can configure them as an Internal Network:
https://success.outsystems.com/documentation/11/security/configure_an_internal_network/
You can also restrict access to Service Center and LifeTime at the network level in your infrastructure, in the load balancer, reverse proxy or firewall, depending on what you intend to do.
To implement MFA, you can configure authentication for IT users with an External IdP:
https://success.outsystems.com/documentation/11/managing_outsystems_platform_and_application_lifecycle/manage_it_users/it_users_integration_with_external_idp_via_openid_connect/configuring_it_users_authentication_with_external_idp_via_openid_connect/