Managing Business Groups
In the access management Business Groups page, you can:
-
Create business groups
-
View a hierarchical tree of all of the business groups you have permissions to view.
-
View and edit properties of a business group.
What you can view and edit depends on your permissions.
-
Add and delete business groups (if enabled at the root organization level).
-
View the Client ID and Client Secret for environments.
Access a Business Group
-
Sign in to Anypoint Platform using an account that has the Organization Administrator permission.
-
In the navigation bar or the main Anypoint Platform page, click Access Management.
-
In the Access Management navigation menu, click Business Groups.
-
Click the name of the root organization.
Client ID and Client Secret
Each root organization, environment, and business group within the root organization has its own associated unique client ID and client secret. These are used for authentication by users who are not organization administrators to access assets within an organization. The client ID and password are generated by Anypoint Platform for each environment you create, and they are globally unique.
To deploy proxies or APIs to CloudHub, you must use these values to configure a customer-hosted Mule Runtime or legacy API Gateway.
| Organization-level client IDs and client secrets are supported only for backward compatibility. In newer Anypoint Platform accounts, use the client ID and client secret for an environment instead. See Environments. |
View the Client ID and Secret for Environments
-
Sign in to Anypoint Platform using an account that has the Organization Administrator permission.
-
In the navigation bar or the main Anypoint Platform page, click Access Management.
-
In the Access Management navigation menu, click Business Groups.
-
Click the name of your root organization.
-
Click the Environments tab.
-
Click the name of the environment.
-
Next to the client secret, click Show.
View the Client ID and Secret for Businesss Groups
-
Sign in to Anypoint Platform using an account that has the Organization Administrator permission.
-
In the navigation bar or the main Anypoint Platform page, click Access Management.
-
In the Access Management navigation menu, click Business Groups.
-
Click the name of your root organization.
-
Click the Settings tab.
-
Next to the client secret, click Show.
|
Manage Root Business Group Settings
Only users with the Organization Administrator permission can manage these settings.
An organization administrator can modify the business group owner, name, domain name, and session timeout for its users.
To access these settings:
-
Sign in to Anypoint Platform using an account that has the Organization Administrator permission.
-
In the navigation bar or the main Anypoint Platform page, click Access Management.
-
In the Access Management navigation menu, click Business Groups.
-
Click the name of your root organization.
-
Click the Settings tab.
-
Modify any of the following settings, then click Save changes.
-
Name + This can be anything, for example, the name of the company.
-
Owner + The owner of the business group. + NOTE: Because business groups are hierarchical, the owner of a parent business group automatically has and retains administrator permissions for any child business group of that parent, even if they make another Organization Administrator user owner of a child business group.
-
Organization domain
Although multiple organizations can be created by different users using the same organization name, each organization must have a unique domain name.
[NOTE] Changing the name or domain name of an organization changes the deep links to any existing API Portals in your organization. -
Default session timeout + Set the amount of time (in minutes) a user is inactive before they are automatically signed out of Anypoint Platform. The default is 60 minutes, the minimum is 15 minutes, and the maximum is 180 minutes.
-
Confidentiality Notification + Create a custom popup that appears when users sign in to your organization. The character limit is 1000 alphanumeric characters and symbols:
@,:,?,!,,,.,;,',_, and-. You can also add line breaks using\nand tabs using\t. If you leave this field blank, users do not receive a notification at signin. -
Runtime Manager + The default region for Runtime Manager.
-
You can also view the organization ID, client ID, and client secret. These values apply to the root organization and grant permissions for all of the business groups contained within.
To modify your multi-factor authentication settings for your organization, click the Identity Providers in the Access Management navigation menu. Organizations created after April 30, 2022 require multi-factor authentication by default for all users.
View Limits for a Business Group
Each business group has a Limits section that shows how close it is to reaching the limits that are imposed by Anypoint Platform.
To view limits:
-
In the Access Management navigation menu, click Business Groups.
-
Click the name of the business group you want to access.
The Settings section appears, showing details about the root organization or business group. -
Click the business group for which you want to view limits.
-
Click the Limits tab.
For more information on limits in access management, see Limits.
Find your Business Group ID
Some operations require you to specify your business group (organization) ID, or orgId. You also need your business group ID to designate a business group or root organization when creating certain types of requests.
You can get your business group ID from your organization URL, executing an Anypoint CLI command, or using a token to invoke the Anypoint Platform REST API.
Organization URL
After signing in to Anypoint Platform, you can view your business group ID by accessing business groups.
-
Log in to Anypoint Platform.
-
In the navigation bar or the main Anypoint Platform page, click Access Management.
-
If you are using the new feature UI (Teams feature is enabled):
-
In the Access Management navigation menu, click Business Groups.
-
In the tree that contains the root business group, click the root business group name.
The URL in your browser’s address bar now appears in the following format:
https://anypoint.mulesoft.com/accounts/businessGroups/<XXXXXXX-XXXX-XXXX-XXXX-XXXXXXX>;.The business group ID is
XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXin the example, and it appears afterbusinessGroups/in your URL.
-
-
If you are using the classic UI (Teams feature is not enabled):
-
In the Access Management navigation menu, click Business Groups.
A tree containing the root organization and business groups appears. -
Click the root organization or a business group.
The org ID appears in the Organization Id field.
-
Use Anypoint CLI to Get Business Group Details
If you have the Anypoint CLI (command-line interface) tool installed, you can use it to get a list of the business groups, their types, and the business group ID.
For example, when you execute the account:business-group:list [flags] command, your business group information appears in the following format:
| Name | Type | ID |
|---|---|---|
Great Company |
Root |
12345678-7831-8734-9999-a0a0a0a0a0a0 |
Retail |
Business unit |
abcdef01-1234-53e1-a3b4-b0b0b0b0b0b0 |
Engineering |
Business unit |
87654321-abcd-e8e2-bab4-c0c0c0c0c0c0 |
In the example, the ID next to Root is the organization ID.
Anypoint Platform REST API
To get a token to invoke the Anypoint Platform REST API, see How to generate your Authorization Bearer token for Anypoint Platform. Then, invoke the URL https://anypoint.mulesoft.com/accounts/api/me using the token.
For example:
$ curl -H "Authorization: Bearer [YOUR_ACCESS_TOKEN]" https://anypoint.mulesoft.com/accounts/api/me
Sharing Organization Resources
All API versions and CloudHub environments that you create in an organization are accessible only to users within the organization.
If you want to share resources with a user, you have to invite the user to join your organization, and the user must accept the invitation and join the organization you sent the invitation from. See Inviting Users for more information.
|
Because the organization name (often the company name) is not necessarily unique, it is not sufficient for the invited user to join the organization and use the company name associated with the root organization. The domain name you set in the organization information is what distinguishes your organization from other organizations. Invited users must use the link they receive in the invitation email to join your organization. |
If your organization is configured to use an external federated identity system, you do not need to invite users, as they are authenticated by the external identity provider.
After a user joins your organization, they have access to the resources associated with the permissions or roles assigned to them. You can assign permissions to grant users access to different resources within the organization. A best practice is to assign permissions to the user at the time you invite them to join your organization so the roles are in effect when the user signs in for the first time. See Roles for more information.
If your organization contains business groups, you can give users access to multiple business groups by granting them permissions within each group.
Connect MuleSoft Composer to Anypoint Platform
Organizations that use both MuleSoft Composer and Anypoint Platform can connect the two products.
To link Composer to Anypoint Platform:
-
Sign in to Anypoint Platform using an account that has the Organization Administrator permission.
-
In the navigation bar or the main Anypoint Platform page, click Access Management.
-
In the Access Management navigation menu, click Composer Sync.
-
In the Composer Sync Orgs page, click Add Composer Orgs.
-
In the Add organization window, in the Organization ID box, enter your Composer organization and then click Add.
You can locate your Composer Organization ID by navigating to Composer > Settings > Account > General Information. An email is generated and sent to the Composer organization admin that provides a link to sync Anypoint Platform to Composer.