To Configure SAML
-
Make sure to configure your SAML provider setting up your Anypoint Platform organization as your audience.
-
Set the assertion consumer service to send a POST request to https://anypoint.mulesoft.com/accounts/login/receive-id.
-
Log into the master Organization in Anypoint Plaform as Administrator.
-
In Anypoint Platform, click Access Management > External Identity.
-
From Identity Management, select SAML 2.0.
The External Identity - Identity Management SAML 2.0 form appears.
-
Fill in the following required fields:
-
Sign On URL
This redirect URL provided by the IdP for sign in. For example,
https://example.com/sso/saml
. -
Sign Off URL
URL to redirect sign out requests, so users both sign out of the Anypoint Platform and have their SAML user’s status set to signed out.
-
Issuer
ID of the identity provider instance that sends SAML assertions.
-
Public Key
Public key provided by the identity provider, used to sign the SAML assertion.
-
Audience
An arbitrary string value that identifies your Anypoint Platform organization. The typical value for this string is
<organizationDomain>.anypoint.mulesoft.com
.
-
-
Expand Advanced Settings, and optionally fill in the following fields.
-
Username Attribute
Field name in the SAML AttributeStatements that maps to username. By default, the 'NameID' attribute of the SAML 'Subject' in the SAML assertion is used.
-
First Name Attribute
Field name in the SAML AttributeStatements that maps to First Name.
-
Last Name Attribute
Field name in the SAML AttributeStatements that maps to Last Name.
-
Email Attribute
Field name in the SAML AttributeStatements that maps to Email.
-
Group Attribute
Field name in the SAML AttributeStatements that maps to Group.
-
-
Save your configuration.
-
Sign out and then navigate to the Sign On Url entered above and sign in via your identity provider to test the configuration.