Mule Identity Management
The IdP you select is effective for the entire organization and all business groups.
[Table: Name / Example URL, with rows for PingFederate, Okta, Salesforce and OpenAM; the example URL values were not recovered from the page.]
The dynamically registered application at the identity provider has only default settings. If you want to
configure additional functionalities (such as group mappings), you must update the settings on the
provider side. Configuring dynamically registered applications is not currently supported.
o Port
The port used to communicate with your LDAP server. The default ldap port is 389. The default ldaps port is 636.
o Self-Signed Cert
Mark this check box if you are using a self-signed certificate on your LDAP server. Use a self-signed certificate for testing your connection to the LDAP server.
o Bind DN
The distinguished name of the user making the LDAP queries. For example, uid=admin,ou=people,dc=mulesoft,dc=com.
o Password
o Connection Timeout
o Operation Timeout
The timeout (in milliseconds) for an operation. For example, 30000.
o Group
The base level for your groups search base object. For example, ou=groups,dc=mulesoft,dc=com.
o Group
The distinguished name for your groups search base object. For example, ou=groups,dc=mulesoft,dc=com.
o Search filters
o User by Username
The search filter to find users by user name. For example, (&(objectClass=inetOrgPerson)(uid={{username}})).
o User by Email
o Group by GroupName
The search filter to find groups by group name. For example, (&(objectClass=groupOfNames)(cn={{groupName}})).
o Email
o First Name
o Last Name
Field that represents the last name. For example, sn.
o ID
o ID
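The search filters above are templates: Anypoint Platform substitutes the value being looked up for the {{username}} or {{groupName}} placeholder before sending the query to the LDAP server. Any client that does the same substitution itself must escape the substituted value, otherwise a crafted user name could alter the structure of the filter. The following added example (not code from the Anypoint Platform documentation or product) fills the page's two filter templates with RFC 4515 escaping; the escaping helper, the placeholder regex and the sample inputs are constructed here.

```python
"""Fill LDAP search-filter templates ({{name}} placeholders) with escaped values.

Added example, not part of the Anypoint Platform documentation. The two filter
templates are the ones shown in the LDAP settings; the helpers are constructed.
"""
import re

# Characters that carry meaning inside an LDAP filter assertion value
# (RFC 4515, section 3) and their hex-escaped replacements.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}

# Matches a {{placeholder}} token and captures its name.
_PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

# Filter templates as they appear in the page's LDAP settings.
USER_BY_USERNAME = "(&(objectClass=inetOrgPerson)(uid={{username}}))"
GROUP_BY_NAME = "(&(objectClass=groupOfNames)(cn={{groupName}}))"


def escape_filter_value(value: str) -> str:
    """Escape a value so it can only ever be read as an assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, **values: str) -> str:
    """Replace every {{name}} in the template with the escaped value for name."""
    def _substitute(match: "re.Match[str]") -> str:
        name = match.group(1)
        if name not in values:
            raise KeyError("no value supplied for placeholder " + name)
        return escape_filter_value(values[name])
    return _PLACEHOLDER.sub(_substitute, template)


if __name__ == "__main__":
    # Constructed sample inputs: an ordinary user name and a group name.
    print(render_filter(USER_BY_USERNAME, username="jdoe"))
    print(render_filter(GROUP_BY_NAME, groupName="platform-admins"))
    # A value containing filter metacharacters is neutralised by escaping.
    print(render_filter(USER_BY_USERNAME, username="*)(uid=*"))
```

Only the value inside the assertion is escaped; the template itself is trusted configuration, which is why the parentheses and the `&` in the template stay intact while the same characters in a substituted value are converted to `\28`, `\29` and so on.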
Prerequisites
o Your Anypoint Platform organization must be set up as your audience.
o The assertion consumer service must be set to send a POST request to https://anypoint.mulesoft.com/accounts/login/:org-domain/providers/:providerId/receive-id.
Note that :providerId is available only after you create the provider configuration.
If you are using the Anypoint Platform EU Control Plane, the endpoint is https://eu1.anypoint.mulesoft.com/accounts/login/:org-domain/providers/:providerId/receive-id.
If you are using the Anypoint Platform Gov Cloud, the endpoint is https://gov.anypoint.mulesoft.com/accounts/login/:org-domain/providers/:providerId/receive-id.
Redirect URL provided by the IdP for sign-in, for example: https://example.com/sso/saml.
Field name in the SAML AttributeStatements that maps to First Name.
Field name in the SAML AttributeStatements that maps to Last Name.
o Email Attribute
o Group Attribute
7. Click Create.
8. Log out of Anypoint Platform, navigate to the sign-on URL you entered in
the Identity Management SAML 2.0 form, and then log in through your identity
provider to test the configuration.
If you are migrating from the default Anypoint Platform SSO certificate to a new certificate, you must
update the Assertion Consumer Service (ACS) URL in your IdP. Only the new ACS URL supports the keys
generated by the key rotation feature. If your ACS URL already follows the pattern
of …/accounts/login/:org-domain/providers/:providerId/receive-id, you do not
need to change the ACS URL.
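Because the ACS URL differs per control plane and only the :providerId form supports rotated keys, it is worth checking the value configured at the IdP rather than eyeballing it. The added example below (not code from the Anypoint Platform documentation or product) builds the ACS URL for each of the three control planes named on this page and tests whether an existing URL already follows the key-rotation pattern; the helper functions, the sample organization domain and the sample provider ID are constructed assumptions.

```python
"""Build and check Anypoint Platform SAML ACS URLs for key rotation.

Added example, not part of the Anypoint Platform documentation. The hosts and
the path pattern are the ones stated on the page; everything else is constructed.
"""
import re
from urllib.parse import urlsplit

# Control-plane hosts named on the page.
CONTROL_PLANE_HOSTS = {
    "us": "anypoint.mulesoft.com",
    "eu": "eu1.anypoint.mulesoft.com",
    "gov": "gov.anypoint.mulesoft.com",
}

# Path pattern of the ACS URL that supports rotated keys:
# /accounts/login/:org-domain/providers/:providerId/receive-id
_ACS_PATH = re.compile(r"^/accounts/login/([^/]+)/providers/([^/]+)/receive-id$")


def build_acs_url(control_plane: str, org_domain: str, provider_id: str) -> str:
    """Return the ACS URL the IdP must POST assertions to for this control plane."""
    host = CONTROL_PLANE_HOSTS[control_plane]  # KeyError for an unknown plane
    return f"https://{host}/accounts/login/{org_domain}/providers/{provider_id}/receive-id"


def acs_url_supports_key_rotation(url: str) -> bool:
    """True if the URL is HTTPS, on a known control plane, and already follows the
    .../providers/:providerId/receive-id pattern that rotated keys require."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc not in CONTROL_PLANE_HOSTS.values():
        return False
    return _ACS_PATH.match(parts.path) is not None


if __name__ == "__main__":
    # Constructed sample values; replace with your organization domain and the
    # :providerId shown after the provider configuration is created.
    url = build_acs_url("eu", "example-org", "PLACEHOLDER-PROVIDER-ID")
    print(url, acs_url_supports_key_rotation(url))
    # A constructed URL without the /providers/:providerId segment does not qualify.
    print(acs_url_supports_key_rotation(
        "https://anypoint.mulesoft.com/accounts/login/example-org/receive-id"))
```

The scheme and host checks are deliberate: an ACS URL that matches the path pattern but points at an unexpected host, or uses plain HTTP, would deliver SAML assertions somewhere other than the control plane you intend.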
Add Keys for Key Rotation
When you use the key rotation feature, you must have keys available in Anypoint
Platform for your IdP to use. Anypoint Platform enables you to generate new keys or
upload existing public/private key pairs.