Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunitySubmit a ticketLog In
GitHubNuGetDev CommunitySubmit a ticket

Restrict access to the Admin Console

Describes how to restrict access the Admin Console in Commerce (SaaS).

📘

Note

Currently this is an option only in the cloud environment.

Access to the Admin Console can be disabled for any website within its environment. Consider the following scenario: My environment has 6 web servers, 3 of them are exposed to the public and 3 are internal facing. I only want to allow people to access to the Admin Console features for the 3 web servers that are on an internal network. The other 3 external web servers need to be locked down for security reasons and therefore, I do not want people access the Admin Console.

To facilitate this behavior, the DisableAdminAccess appSetting (web.config) needs to be set to "true". When set to a value of "true" the Admin Console, CMS shell, and the admin api's will be disabled and return error messages if someone attempts to use them.

Blocking /admin on the public domain will disable impersonation of users via the admin console. We do not block sub domain integration URLs.

Example:

  • main.com ~ /admin can be blocked.
  • main.insitesofthosting.com ~ /admin cannot be blocked.
  • eu-main.com ~ /admin can be blocked.
  • eu-main.insitesofthosting.com ~ /admin cannot be blocked.