If you are an enterprise organization considering using Stoplight's SaaS solution, be sure to review the items below to ensure you don't have any issues connecting with internal services.
1. Are your VCS or SSO providers accessible from the public Internet?
Stoplight requires access to any necessary VCS (Github, GitLab, etc) or SSO (SAML, LDAP) services in order to function properly. If these services are not accessible externally, then you may not be able to authenticate users and ensure your Stoplight documentation is up-to-date.
If this is the case, we recommend adding Stoplight's IP address range to a firewall whitelist to ensure Stoplight can connect to your internal systems. You can find the IP range needed here.
2. Are any services using TLS certificates self-signed, or signed by an internal CA?
Many organizations use an internal CA (Certificate Authority) for signing TLS certificates used by internal services and APIs. This means that any external services such as Stoplight need to be configured to trust the certificates exposed by these services, which would otherwise not be trusted.
If this is the case, please contact email@example.com with the root CA signing certificate so that your workspace can be configured appropriately.
3. Are any internal service domains or DNS records not registered publicly?
Many organizations use domains/hostnames only registered with internal DNS resolvers (for example, "git.internal.example.com"). While this is fine for anyone connecting internally, this makes external access impossible using the name alone, especially when paired with SSL requirements.
If this is the case, please register a public DNS record for any relevant services (VCS, SSO) to ensure that requests can be routed from Stoplight appropriately and SSL certificates can be properly verified.