mTLS Security

Along with auth code flow, Platform 6 Integration Models also support Mutual TLS (mTLS), a variation on transport layer security (TLS) certificates, that extends secure communications provided by TLS by adding additional authentication between client and server. In mTLS, both the client and server have a certificate, and both sides authenticate using their public/private key pair.

mTLS Security Schema

From the securitySchemes object of an example imported integration model (Figure 1), the securityKey sets the mutualTLS authentication type, which supports ca, certificate, and key credentials.

Figure 1: mTLS Schema

How to Apply Mutual TLS Authentication

To set up mTLS requires trusted certificates:

1. Go to Itential Platform → Admin Essentials → Integrations and select your integration from the left navbar.

2. From the Integration UI, you can drag and drop your files into the drag-and-drop area to upload your certificate, key and ca files (Figure 2). Alternately, select the click to browse link to navigate to the files on your system.

3. Once the files are uploaded to the integration, make sure the enabled checkbox below tls is selected (checked) to enforce mTLS and only allow a connection when mTLS authentication is successful.

   • Deselect the checkbox to allow a connection to proceed even if mTLS authentication fails, or a request is sent without a mutual client certificate.

4. Click Save to retain your changes.

Figure 2: mTlS Integration