Contact Free trial Login

Configure SAML for SSO

Configure SAML to provide external authentication of users and Single Sign-on (SSO) capability so users don’t need to provide additional credentials when they access Anypoint Platform.

Configuring SAML for SSO involves:

  • Beginning with a configured SAML identity provider (IdP)

  • Navigating to and completing the External Identity - Identity Management SAML 2.0 form in Anypoint Platform, and optionally configuring some advanced settings

  • Saving and testing your new configuration

Prerequisites

  • Your Anypoint Platform organization must be set up as your audience.

  • The assertion consumer service must be set to send a POST request to https://anypoint.mulesoft.com/accounts/login/receive-id.

Configure SAML in Identity Management

  1. In Anypoint Platform, sign into the master organization as a user with the Organization Administrators.

  2. In Management Center, click Access Management.

  3. In the navigation menu on the left, click External Identity.

  4. Select Identity Management > SAML 2.0.

  5. Complete the required fields of the External Identity - Identity Management SAML 2.0 form:

    • Sign On URL

      Redirect URL provided by the IdP for signin, for example: https://example.com/sso/saml.

    • Sign Off URL

      URL to redirect signout requests, so users both sign out of the Anypoint Platform and have their SAML user’s status set to signed out.

    • Issuer

      ID of the identity provider instance that sends SAML assertions.

    • Public Key

      Public key provided by the identity provider, which is used to sign the SAML assertion.

    • Audience

      An arbitrary string value that identifies your Anypoint Platform organization. The typical value for this string is <organizationDomain>.anypoint.mulesoft.com.

  6. Optionally, expand Advanced settings, and provide the following values:

    • Username Attribute

      Field name in the SAML AttributeStatements that maps to username. By default, the NameID attribute of the SAML Subject in the SAML assertion is used.

    • First Name Attribute

      Field name in the SAML AttributeStatements that maps to First Name.

    • Last Name Attribute

      Field name in the SAML AttributeStatements that maps to Last Name.

    • Email Attribute

      Field name in the SAML AttributeStatements that maps to Email.

    • Group Attribute

      Field name in the SAML AttributeStatements that maps to Group.

  7. Click Save.

  8. Sign out of Anypoint Platform, navigate to the sign-on URL you entered in the Identity Management SAML 2.0 form, then sign in through your identity provider to test the configuration.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub