About Identity Management

As the Anypoint Platform organization administrator, you can configure identity management in Anypoint Platform to set up users for single sign-on (SSO). Configure identity management using one of the following single sign-on standards:

  • OpenID Connect: End user identity verification by an authorization server including SSO

  • SAML 2.0: Web-based authorization including cross-domain SSO

The following diagram shows the SAML identity management process:

external identity decbd

Before configuring OpenID Connect or SAML 2.0, select an OpenID Connect-compliant provider, such as PingFederate, OpenAM, or Okta. If you are not using OpenID Connect, select any SAML 2.0-compliant provider.

The following SAML providers are fully supported:

  • Salesforce

  • PingFederate (versions: 6, 7, 8)

  • OpenAM (version: 14)

  • Okta

The following SAML providers are known to work, but aren’t actively tested:

  • Active Directory Federation Services (AD FS)

  • Shibboleth

  • onelogin

  • CA Single Sign-On

  • SecureAuth

The following providers are fully supported to work with OpenID Connect:

  • Salesforce

  • PingFederate (versions: 6, 7, 8)

  • OpenAM (version: 14)

  • Okta

After you select an identity provider:

  • Set up your Anypoint Platform organization as your audience in your identity provider configuration.

    The IdP you select is effective for the entire organization and all business groups.
  • Configure identity management in the Anypoint Platform root organization.

  • Configure attribute names on the IdP and Anypoint Platform to match.

For more information, see the documentation for your identity provider.

After configuring identity management, you must add new SSO users using your external identity management solution and internal provisioning process. If you use the Invite User feature to add users to your organization after you have configured an identity provider, the credentials for these users are stored locally in your organization rather than with the identity provider.

Users that log in with SSO are new users to the system. If the new user has the same username as a user that already exists in your Anypoint Platform organization, the new user co-exists with the original user with the same username. Users with the same username are managed independently from one another.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub