Manage Identity Providers

Configure up to 25 external identity providers (IdPs) to enable single sign-on (SSO) for users in your organization. Anypoint Platform currently supports SAML 2.0 and OpenID Connect (OIDC) configurations for SSO providers.

If you are using the Access Management API, note the following:

  • The old endpoints that are not scoped to new IdPs are replaced with new endpoints.

  • IdPs created prior to October 31, 2021 are backwards compatible with old endpoints.

  • If a legacy IdP is deleted, then old endpoints are no longer supported, even if the legacy IdP is readded.

Managing User Identities with Anypoint Platform

By default, an organization manages user identities and credentials using Anypoint Platform. You can disable this functionality after you add one or more external identity providers.

Organizations that use Anypoint Platform to manage user identities control whether new users are added to the organization using either Access Management settings or an external identity provider. Organizations that do not require multi-factor authentication (MFA) for their user accounts choose to enable or disable MFA and exempt accounts. If an organization requires MFA, administrators manage exempt accounts in the Identity Providers section using the Anypoint settings.

Before You Begin

Before getting started, ensure that you have:

  • The Organization Administrator permission

  • An OpenID Connect or SAML 2.0 identity provider

Managing Identity Providers

Access your list of identity providers, configure settings, and add additional identity providers.

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Identity Providers.

A list of identity providers appears.

Adding Identity Providers

Click Add Identity Provider, and then select the identity provider type you want to add. Choose one of the following:

Deleting Identity Providers

If you have more than one identity provider configured, delete external identity providers that you no longer need.

Before deleting an IdP, ensure that your users' credentials and permissions structures are configured with a different IdP, such as the native Anypoint Platform IdP or an external IdP.

When you delete an IdP:

  • Users can no longer use this IdP to log in to Anypoint Platform.

  • Any external team or role group mappings associated with this IdP are deleted.

  • The Access Management API endpoints associated with this IdP are no longer supported.

To delete an identity provider:

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Identity Providers.

  4. Next to the identity provider you want to delete, click the …​ menu.

  5. Click Delete…​

  6. In the API Update window, click Continue.

  7. Enter the name of your identity provider.

  8. Click Delete.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub
Give us your feedback!
We want to build the best documentation experience for you!
Help us improve with your feedback.
Take the survey!