About Identity Management
This topic provides an overview of identity management on Anypoint Platform. As the Anypoint Platform organization administrator, you set up users for single sign-on (SSO) by configuring identity management in Anypoint Platform using one of the following single sign-on standards:
OpenID Connect: end-user identity verification by an authorization server, including SSO
SAML 2.0: web-based authorization, including cross-domain SSO
Service-initiated SSO is not supported.
The following diagram shows the SAML identity management process:
Before configuring OpenID Connect or SAML 2.0, select an identity management provider (IdP). If you intend to use OpenID Connect, choose an OpenID Connect-compliant provider, such as PingFederate, OpenAM, or Okta; otherwise, choose any SAML 2.0-compliant provider. The following SAML providers have been successfully tested with Anypoint Platform:
Active Directory Federation Services (AD FS)
CA Single Sign-On
Familiarize yourself with the documentation of your IdP. After you select an IdP, set up your Anypoint Platform organization as the audience in your IdP configuration. Configure identity management in the Anypoint Platform master organization: the IdP you select is effective for the entire organization and all of its business groups. Configure the attribute names on the IdP and in Anypoint Platform so that they match.
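As an added example (not MuleSoft's code or the platform's own validation), the following Python checks the two configuration points above against a constructed SAML assertion: that the audience matches the organization configured in the IdP, and that the attribute names the IdP sends are the ones the platform side expects. The audience value, attribute names and sample assertion are assumptions; signature verification is out of scope here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespace used by SAML 2.0 assertions.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (values are made up for this example).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2099-01-01T00:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>example-anypoint-org</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, expected_audience, attribute_map, now=None):
    """Return (ok, problems, attributes).

    attribute_map maps each attribute name the platform expects to the
    attribute name the IdP actually sends; the two sides must agree.
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    problems = []

    # Audience: must contain the organization configured as audience in the IdP.
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"audience mismatch: got {audiences}")

    # Validity window: reject an assertion past its NotOnOrAfter time.
    cond = root.find("saml:Conditions", NS)
    not_after = cond.get("NotOnOrAfter") if cond is not None else None
    if not_after and now >= datetime.fromisoformat(not_after.replace("Z", "+00:00")):
        problems.append("assertion expired")

    # Attributes: resolve each platform attribute under the name the IdP uses for it.
    sent = {}
    for attr in root.findall(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        sent[attr.get("Name")] = value.text if value is not None else None
    attributes = {}
    for platform_name, idp_name in attribute_map.items():
        if idp_name not in sent:
            problems.append(f"attribute '{platform_name}' not sent by IdP as '{idp_name}'")
        else:
            attributes[platform_name] = sent[idp_name]
    return not problems, problems, attributes
```

Running the check with an attribute map whose IdP-side names do not match what the assertion carries reports exactly which platform attribute is unresolved, which is the mismatch to fix on one side or the other before users try to sign in.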
After configuring identity management, you cannot add users to your organization in Anypoint Platform. In Access Management, Invite User is disabled to prevent this operation. To add new users to your organization, include them in your external identity management solution according to your normal internal provisioning process.
Users who sign in via SSO are new users to the system. Even if a user has the same username as an existing user, a new user is created; the two accounts exist side by side with the same username and are managed independently.
Follow the procedures to configure OpenID Connect or SAML 2.0 in this documentation.