Nav

About Identity Management

This topic provides an overview of identity management on all versions of Anypoint Platform, except Private Cloud edition. As the Anypoint Platform administrator, you set up users for single sign-on (SSO) by configuring identity management in Anypoint Platform using one of the following single sign-on standards:

  • OpenID Connect

    End-User identity verification by an authorization server including SSO

  • SAML 2.0

    Web-based authorization including cross-domain SSO

Service initiated-SSO is not supported.

The following diagram shows the SAML identity management process:

external-identity-decbd

Before configuring OpenID Connect or SAML 2.0, you need to select an identity management provider (IdP). If you intend to use OpenID Connect, choose an OpenID Connect-compliant provider, such as Okta; otherwise, choose any SAML 2.0-compliant provider. The following SAML providers have been successfully tested with Anypoint Platform:

  • PingFederate

  • OpenAM

  • Okta

  • Shibboleth

  • Active Directory Federation Services (AD FS)

  • onelogin

  • CA Single Sign-On

Regardless of the IdP you select, be sure to familiarize yourself with its documentation. After you’ve made your selection, you are ready to set up your Anypoint Platform organization as your audience in your IdP configuration, as well as configure identity management in the Anypoint Platform master organization. The IdP you use is effective for the entire organization and all business groups. Configure attribute names on the IdP and Anypoint Platform to match.

Follow the procedures to configure OpenID Connect or SAML 2.0 in this documentation.

In this topic: