Nav

To Configure SAML

  1. Make sure to configure your SAML provider setting up your Anypoint Platform organization as your audience.

  2. Set the assertion consumer service to send a POST request to https://anypoint.mulesoft.com/accounts/login/receive-id.

  3. Log into the master Organization in Anypoint Plaform as Administrator.

  4. In Anypoint Platform, click Access Management > External Identity.

  5. From Identity Management, select SAML 2.0.

    The External Identity - Identity Management SAML 2.0 form appears.

  6. Fill in the following required fields:

    • Sign On URL

      This redirect URL provided by the IdP for sign in. For example, https://example.com/sso/saml.

    • Sign Off URL

      URL to redirect sign out requests, so users both sign out of the Anypoint Platform and have their SAML user’s status set to signed out.

    • Issuer

      ID of the identity provider instance that sends SAML assertions.

    • Public Key

      Public key provided by the identity provider, used to sign the SAML assertion.

    • Audience

      An arbitrary string value that identifies your Anypoint Platform organization. The typical value for this string is <organizationDomain>.anypoint.mulesoft.com.

  7. Expand Advanced Settings, and optionally fill in the following fields.

    • Username Attribute

      Field name in the SAML AttributeStatements that maps to username. By default, the 'NameID' attribute of the SAML 'Subject' in the SAML assertion is used.

    • First Name Attribute

      Field name in the SAML AttributeStatements that maps to First Name.

    • Last Name Attribute

      Field name in the SAML AttributeStatements that maps to Last Name.

    • Email Attribute

      Field name in the SAML AttributeStatements that maps to Email.

    • Group Attribute

      Field name in the SAML AttributeStatements that maps to Group.

  8. Save your configuration.

  9. Sign out and then navigate to the Sign On Url entered above and sign in via your identity provider to test the configuration.