Disable ads (and more) with a premium pass for a one time $4.99 payment
A DMZ reverse proxy is recommended when both internal and external users are accessing SailPoint IdentityIQ (IIQ). This setup provides a secure barrier between the internal network and external internet traffic, ensuring that sensitive data is protected while still allowing users from both environments to access the application.
When both types of users are involved, a reverse proxy acts as an intermediary that can handle requests from external users, distribute them to the appropriate internal resources, and return the responses. This not only enhances security by filtering and monitoring incoming traffic but also improves the overall efficiency and performance of the IIQ application. It enables centralized authentication and can provide additional layers of security, such as SSL termination or application firewall functions, which are vital in managing diverse access scenarios effectively.
In contrast, using a reverse proxy for only internal users does not address the security concerns that arise with external access, while limiting its use to external users would jeopardize internal access needs and complicate the infrastructure. A single server setup typically does not warrant a DMZ architecture unless there is a specific need for segregation of traffic, which makes the situation with both internal and external users the most valid case for employing a DMZ reverse proxy configuration.