Merge pull request #9767 from mendix/olu-access-restriction-june25

OlufunkeMoronfolu · web-flow · commit 204dff9b0f0a · 2025-07-01T13:46:06.000+02:00
feat: updating docs to latest ui
diff --git a/content/en/docs/deployment/mendix-cloud-deploy/access-restrictions.md b/content/en/docs/deployment/mendix-cloud-deploy/access-restrictions.md
@@ -9,17 +9,24 @@ description: "How to limit access to your app using IP addresses and certificate
 
 ## Introduction
 
-Your app is accessible over the internet—but you may not want everyone to be able to access it. For fine-grained control over external access to your application, configure the access restrictions.
+Your app is accessible over the internet, but you may not want unrestricted access. Use access restrictions to apply fine-grained control over access to your application.
 
-You can apply restrictions to the top level of the application URL (`/`). You can also apply restrictions to more specific paths (such as `/ws/` or `/odata/`). This allows you to, for example, open up web services without giving general users access to the app itself. Presets are available to simplify common requirements, such as allowing or denying all access. In addition, custom profiles can be created using IP range filters and client certificate authorities (CAs).
+You can apply access restrictions at different URL levels, such as:
+
+* Top level of the application URL (`/`)
+* Specific paths (such as `/ws/` or `/odata/`). This allows you to, for example, open up web services without giving general users access to the app itself. 
+
+Presets are available to simplify common requirements, such as allowing or denying all access. In addition, custom profiles can be created using IP range filters and client certificate authorities (CAs).
 
 ## Access Restriction Profiles {#access-restriction-profiles}
 
-You can specify multiple different access restriction profiles for your application. You can give each of these a name that describes its purpose.
+You can specify multiple access restriction profiles for your application, each with a descriptive name that reflects its purpose.
 
-Click **New** to create a new access restriction profile. Select an existing profile and click **Edit** to modify it, **Clone** to copy it, or **Delete** to delete it.
+To view or manage access restriction profiles, follow these steps:
 
-{{< figure src="/attachments/deployment/mendix-cloud-deploy/access-restrictions/access-restriction-profiles.png" alt="The Access Restriction Profiles tab" class="no-border" >}}
+1. From [Apps](https://sprintr.home.mendix.com), go to your app's **Environments** page.
+2. Click **Cloud Settings** ({{< icon name="settings-slider-1" >}}) from any of the [available tabs](/developerportal/deploy/environments/#available-tabs) to open the **Manage Cloud Settings** page.
+3. Switch to the **Access Restriction Profiles** tab.
 
 When configuring an access restriction profile, keep the following considerations in mind:
 
@@ -29,36 +36,39 @@ When configuring an access restriction profile, keep the following consideration
 
 ### Configuring Access Restriction Profiles {#access-restriction}
 
-To view the page where you can configure an access restriction profile, click **New** to create a new profile or **Edit** to modify an existing profile.
+To configure access restriction profiles, from the **Access Restriction Profiles** page, you can either:
 
-{{< figure src="/attachments/deployment/mendix-cloud-deploy/access-restrictions/v4-access-restriction-profile.png" alt="The access restriction profile editing page" class="no-border" >}}
+* Create a new profile by clicking **New Profile**
+* Modify an existing profile by selecting the profile:
+    * Click the **More Options** ({{% icon name="three-dots-menu-horizontal" %}}) icon
+    * Click the **Edit** option to modify the profile
+    * Click **Delete** to delete an existing certificate profile
+    * Click **Clone** to copy and duplicate an existing certificate profile 
 
-Add IP ranges and certificate profiles as described below, then click **Save** to save the access restriction profile.
+When you create or edit a profile, you can add IP ranges and certificate profiles as described below.
 
 #### Changing the Profile Name
 
-To change the name of your access restriction profile, click **Edit** {{% icon name="pencil" %}} next to the name of the profile and enter the new name.
+To rename an access restriction profile. follow these steps:
 
-#### Specifying TLS Client Certificate Verification
+1. Locate the profile of interest from the **Access Restriction Profiles** page.
+2. Click the **More Options** ({{% icon name="three-dots-menu-horizontal" %}}) icon.
+3. Click **Edit**.
+4. In the edit page enter the new name.
+5. Click **Save** to apply your changes.
 
-Click **Create** to create a new TLS certificate profile, or select an existing profile and click **Edit**. If you are creating a new certificate profile, you will first be asked to enter the name of your profile. You can also delete an existing certificate profile by selecting a profile and clicking **Delete**.
+#### Specifying TLS Client Certificate Verification
 
-To change the name of a certificate profile, click **Edit** next to the name and enter the new name.
+Click **Create New Profile** to create a new TLS certificate profile, or select an existing profile and click **Edit**. If you are creating a new certificate profile, you will first be asked to enter the name of your profile.
 
-Upload your CA from a file in PEM format by clicking **Upload Certificate Authority**. Alternatively, click **Enter Manually** to open an editor where you can paste your CA.
+Upload your CA from a file in PEM format by clicking **Add Certificate**. This will open a page where you can choose to either browse your device for the file, or manually paste PEM-formatted CA content.
 
 {{% alert color="info" %}}
 Your CA must contain a single root certificate and can have multiple intermediate certificates. It should not contain client certificates.
 {{% /alert %}}
 
-{{% alert color="info" %}}
-Your CA for TLS client certificate verification must be different than the CA used to sign the SSL certificate configured for any custom domain of the app. Using the same CA for both can result in browsers requesting client certificates on all paths of the app.
-{{% /alert %}}
-
 Once the CA is uploaded, you will see a tree containing the root certificate and any intermediate certificates included in the CA. When you upload a CA, the last certificate in the CA will be selected by default.
 
-{{< figure src="/attachments/deployment/mendix-cloud-deploy/access-restrictions/ca-profile.png" alt="Certificate authority profile" class="no-border" >}}
-
 Select the checkbox next to each intermediate or root certificate you want to use. Client certificates will be accepted if they are signed by any selected certificate. If you select more than one certificate in a branch, the client certificate will be accepted if it is signed by any of the selected certificates.
 
 {{% alert color="warning" %}}
@@ -73,11 +83,12 @@ Your CA for TLS client certificate verification should be different from the CA
 
 #### Specifying IP Ranges {#ip-ranges}
 
-You can specify a number of different IP ranges. Click **Create** to add a new IP range, or use **Edit** or **Delete** to modify an existing IP range.
+You can specify a number of different IP ranges. Click **Create New Profile** to add a new IP range, or use **Edit** or **Delete** to modify an existing IP range.
 
-For each IP range, you can specify a **Name** for the range and a range of addresses. Mendix Cloud supports both IPv4 and IPv6 format addresses.
+For each IP range, you can do the following:
 
-{{< figure src="/attachments/deployment/mendix-cloud-deploy/access-restrictions/ip-range.png" alt="Edit IP Range dialog box" width=60% class="no-border" >}}
+* Enter a **Profile  Name** 
+* Specify a range of addresses. Mendix Cloud supports both IPv4 and IPv6 format addresses.
 
 ## Applying a Restriction to an Application Environment
 
@@ -115,26 +126,21 @@ Consider this example scenario in which a basic IP range restriction could be us
 To restrict access to the app to an IP range, follow these steps:
 
 1. From [Apps](https://sprintr.home.mendix.com), go to the app's **Environments** page.
-2. Switch to the **Access Restriction Profiles** tab.
+2. Click **Cloud Settings** ({{< icon name="settings-slider-1" >}}) from any of the [available tabs](/developerportal/deploy/environments/#available-tabs) to open the **Manage Cloud Settings** page.
+3. Switch to the **Access Restriction Profiles** tab.
 
-    {{< figure src="/attachments/deployment/mendix-cloud-deploy/access-restrictions/app-restriction.png" alt="The Access Restriction Profiles tab" class="no-border" >}}
+4. Create an access restriction profile.
+5. Add one or more IP ranges to the access restriction profile.
 
-3. Create an access restriction profile.
-4. Add one or more IP ranges to the access restriction profile.
-
-    {{< figure src="/attachments/deployment/mendix-cloud-deploy/access-restrictions/scenario1.png" alt="IP ranges added to the access restriction profile" class="no-border" >}}
-
-5. Save the access restriction profile.
-6. Go to the **Deploy** tab of the **Environments** page. Click **Details** ({{% icon name="notes-paper-edit" %}}) on the desired environment.
-7. Switch to the **Network** tab.
-8. Select the top-level path (`/`) and click **Edit**.
-
-    {{< figure src="/attachments/deployment/mendix-cloud-deploy/access-restrictions/environment-restriction.png" alt="The Edit Path Range Access Restriction dialog box" class="no-border" >}}
+6. Save the access restriction profile.
+7. Go to the **Deploy** tab of the **Environments** page. Click **Details** ({{% icon name="notes-paper-edit" %}}) on the desired environment.
+8. Switch to the **Network** tab.
+9. Select the top-level path (`/`) and click **Edit**.
 
     {{% alert color="info" %}}Any path below this path that does not have an explicit restriction will inherit this access restriction profile.{{% /alert %}}
 
-9. Select **Custom Profile for Client Certificates and/or IP ranges** as the **New Restriction Type**.
-10. Select your access restriction profile as the **New Restriction Profile**, and save it.
+10. Select **Custom Profile for Client Certificates and/or IP ranges** as the **New Restriction Type**.
+11. Select your access restriction profile as the **New Restriction Profile**, and save it.
 
 ### Example Scenario 2 – Back-End Administration with Third-Party Web Service Integrations
 
@@ -148,18 +154,16 @@ Additionally, the company has decided to use TLS client certificates so they do
 
 To add this additional access restriction profile, follow these steps:
 
-1. Go to the **Access Restriction Profiles** tab of the **Environments** page.
-
-    {{< figure src="/attachments/deployment/mendix-cloud-deploy/access-restrictions/app-restriction.png" alt="The Access Restriction Profiles tab" class="no-border" >}}
-
-2. Create a new access restriction profile.
-3. Upload the certificate of the internal CA that is used to sign the client certificates.
-4. Save the new access restriction profile.
-5. Go to the **Deploy** tab of the **Environments** page. Click **Details** ({{% icon name="notes-paper-edit" %}}) on the desired environment.
-6. Switch to the **Network** tab.
-7. Edit the `/ws/` path of the environment to apply the new access restriction profile. This overrides the default profile (for the top level `/`) for the selected path (`/ws/`).
-
-    {{< figure src="/attachments/deployment/mendix-cloud-deploy/access-restrictions/environment-restriction-2.png" alt="The Edit Path Range Access Restriction dialog box" width=75% class="no-border" >}}
+1. From [Apps](https://sprintr.home.mendix.com), go to the app's **Environments** page.
+2. Click **Cloud Settings** ({{< icon name="settings-slider-1" >}}) from any of the [available tabs](/developerportal/deploy/environments/#available-tabs) to open the **Manage Cloud Settings** page.
+3. Switch to the **Access Restriction Profiles** tab.
+
+4. Create a new access restriction profile.
+5. Upload the certificate of the internal CA that is used to sign the client certificates.
+6. Save the new access restriction profile.
+7. Go to the **Deploy** tab of the **Environments** page. Click **Details** ({{% icon name="notes-paper-edit" %}}) on the desired environment.
+8. Switch to the **Network** tab.
+9. Edit the `/ws/` path of the environment to apply the new access restriction profile. This overrides the default profile (for the top level `/`) for the selected path (`/ws/`).
 
 {{% alert color="info" %}}
 If the `/ws/` path should still be reachable from the office location without using a client certificate, add the IP ranges of the office location to the profile used for `/ws/`.
diff --git a/content/en/docs/releasenotes/deployment/_index.md b/content/en/docs/releasenotes/deployment/_index.md
@@ -15,7 +15,7 @@ Follow the links in the table below to see the release notes you want:
 
 | Type of Deployment | Last Updated |
 | --- | --- |
-| [Mendix Cloud](/releasenotes/developer-portal/mendix-cloud/) | June 12, 2025 |
+| [Mendix Cloud](/releasenotes/developer-portal/mendix-cloud/) | June 27, 2025 |
 | [Mendix for Private Cloud](/releasenotes/developer-portal/mendix-for-private-cloud/) | June 25, 2025 |
 | [Mendix on Azure](/releasenotes/developer-portal/mendix-on-azure/) | April 24, 2025 |
 | [SAP Business Technology Platform (SAP BTP)](/releasenotes/developer-portal/sap-cloud-platform/) | August 27, 2024 |
