salesforce Dreamforce On-Demand
Contact Us 1-800-596-4880
  1. Homepage
  2. Access Management
  3. Business Groups

  4. Organization

Organization

When you create an Anypoint Platform account, a root organization is created, and you are assigned as the owner of the organization. Organization owners automatically inherit the Organization Administrator permission.

The organization name is the name you entered in the Company field in the initial Anypoint Platform signup form. You can change the name in the organization settings.

An organization is an account where multiple users can share resources, including applications and environments. The level of access users have to various resources depends on their assigned roles and permissions. For example, one user might have permission to manage API alerts, while another user has permission only to view API alerts.

When you log in to Anypoint Platform, the organization icon and name are displayed on the top right of the page. The root organization can contain multiple business groups. You can think of business groups as sub-organizations, or children of the root organization. Click the organization icon to navigate between business groups.

Organization Owner

The user who first signs up for an Anypoint Platform account is designated as the organization owner. This is not a permission that is assigned, rather it is an identifier for this single user (creator of the Anypoint Platform account). The owner is assigned the Organization Administrator permission by default. If you transfer organization ownership to another user, the previous organization owner retains the Organization Administrator permission unless you revoke it.

Every business group created within the organization hierarchy thereafter must have an owner assigned. Only users with the Organization Administrator permission can be assigned as owners of business groups. Any organization administrator can assign and change owners of business groups. There cannot be more than one owner at once for a business group. The Organization Administrator permission cannot be removed from organization owners.

An Anypoint Platform user who has the Organization Administrator permission can perform the following types of tasks:

  • Invite users to an organization

  • Assign users to teams or roles that define their permissions in Anypoint Platform

  • Edit and remove users from an organization

  • Assign or change owners of business groups

  • Configure organization settings

  • Create and manage teams

  • View a client ID and client secret for the root organization, business groups, and environments

  • Access analytics for the APIs in your organization

  • Create business groups to delegate management of the resources and define the scopes of roles and permissions

  • Configure additional properties at the business group level.

Organization Page

In the Organization page, you can:

  • View a hierarchical tree of all of the organizations you have permissions to view. You can view and edit properties of an organization by clicking the name.

  • Click the name of a group to view and edit its information. What you can view and edit depends on your permissions.

    Changing the name or domain name of an organization changes the deep links to any existing API Portals in your organization.

  • Add and delete business groups (if enabled).

Access an Organization

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Business Groups.

  4. Click the name of the root organization.

Client ID and Client Secret

Each root organization, environment, and business group within the root organization has its own associated unique client ID and client secret. These are used for authentication by users who are not organization administrators to access assets within an organization. The client ID and password are generated by Anypoint Platform for each environment you create, and they are globally unique.

To deploy proxies or APIs to CloudHub, you must use these values to configure a customer-hosted Mule Runtime or legacy API Gateway.

Organization-level client IDs and client secrets are supported only for backward compatibility. In newer Anypoint Platform accounts, use the client ID and client secret for an environment instead. See Environments.

View the Client ID and Secret for Environments

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Business Groups.

  4. Click the name of your root organization.

  5. Click the Environments tab.

  6. Click the name of the environment.

  7. Next to the client secret, click Show.

View the Client ID and Secret for Organizations

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Business Groups.

  4. Click the name of your root organization.

  5. Click the Settings tab.

  6. Next to the client secret, click Show.

  • For newer Anypoint Platform accounts, the client ID and secret apply to environments rather than organizations. See Environments.

  • To change the client secret for an environment or organization, see this help article, or contact your customer support representative.

Manage Root Organization Settings

Only users with the Organization Administrator permission can manage these settings.

An organization administrator can modify the organization name, domain name, and session timeout for its users.

To access these settings:

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Business Groups.

  4. Click the name of your root organization.

  5. Click the Settings tab.

  6. Modify any of the following settings, then click Save changes.

    • Organization name: This can be anything, for example, the name of the company.

    • Domain name: Although multiple organizations can be created by different users using the same company name, each organization must have a unique domain name.

    • Owner: The identifier of the organization owner.

    • Default session timeout: Set the amount of time (in minutes) a user is inactive before they are automatically logged out of Anypoint Platform. The default is 60 minutes, the minimum is 15 minutes, and the maximum is 180 minutes.

    • Confidentiality Notification: Create a custom popup that appears when users log in to your organization. The character limit is 1000 alphanumeric characters and symbols: @, :, ?, !, ,, ., ;, ', _, and -. You can also add line breaks using \n and tabs using \t. If you leave this field blank, users do not receive a notification at login.

You can also view the organization ID, client ID, and client secret. These values apply to the root organization and grant permissions for all of the business groups contained within.

To modify your multi-factor authentication settings for your organization, click the Identity Providers in the Access Management navigation menu. Organizations created after April 30, 2022 require multi-factor authentication by default for all users.

View Limits for an Organization or Business Group

Your root organization and business groups each have a Limits section that shows how close it is to hitting limits imposed by Anypoint Platform.

To view limits:

  1. In the Access Management navigation menu, click Business Groups.

  2. Click the name of the business group you want to access.
    The Settings section appears, showing details about the root organization or business group.

  3. Click the organization or business group for which you want to view limits.

  4. Click the Limits tab.

For more information on limits in Access Management, see Limits.

Find your Organization ID

Some operations require you to specify your organization ID, or orgId. You also need your orgId to designate a business group or root organization when creating certain types of requests.

You can obtain your orgId from your organization URL, executing an Anypoint CLI command, or using a token to invoke the Anypoint Platform REST API.

Organization URL

After logging in to Anypoint Platform, you can view your orgId by accessing business groups.

  1. Log in to Anypoint Platform.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. If you are using the new feature UI (Teams feature is enabled):

    1. In the Access Management navigation menu, click Business Groups.

    2. In the tree that contains the root organization and business groups, click the root organization or a business group.
      The URL in your browser’s address bar now appears in the following format: https://anypoint.mulesoft.com/accounts/businessGroups/<XXXXXXX-XXXX-XXXX-XXXX-XXXXXXX>;.
      The orgId for your organization is XXXXXXX-XXXX-XXXX-XXXX-XXXXXXX in the example, and it appears appears after businessGroups/ in your URL.

  4. If you are using the classic UI (Teams feature is not enabled):

    1. In the Access Management navigation menu, click Organization.
      A tree containing the root organization and business groups appears.

    2. Click the root organization or a business group.
      The org ID appears in the Organization Id field.

Anypoint CLI

You can use the Anypoint CLI (command-line interface) tool to execute account business-group to get a list of the business groups, their types, and the organization ID. Note that you must install Anypoint CLI first.

For example, when you execute account business-group list, your organization information appears in the following format:

Name Type ID

Great Company

Root

12345678-7831-8734-9999-a0a0a0a0a0a0

Retail

Business unit

abcdef01-1234-53e1-a3b4-b0b0b0b0b0b0

Engineering

Business unit

87654321-abcd-e8e2-bab4-c0c0c0c0c0c0

In the example, the ID next to Root is the orgId.

Anypoint Platform REST API

To get a token to invoke the Anypoint Platform REST API, see How to generate your Authorization Bearer token for Anypoint Platform. Then, invoke the URL https://anypoint.mulesoft.com/accounts/api/me using the token.

For example:

$ curl -H "Authorization: Bearer [YOUR_ACCESS_TOKEN]" https://anypoint.mulesoft.com/accounts/api/me

Sharing Resources in an Organization

All API versions and CloudHub environments that you create in an organization are accessible only to users within the organization.

If you want to share resources with a user, you have to invite the user to join your organization, and the user must accept the invitation and join the organization you sent the invitation from. See Inviting Users for more information.

Because the organization name (often the company name) is not necessarily unique, it is not sufficient for the invited user to join the organization and use the company name associated with the root organization. The domain name you set in the organization information is what distinguishes your organization from other organizations.

Invited users must use the link they receive in the invitation email to join your organization.

If your organization is configured to use an external federated identity system, you do not need to invite users, as they are authenticated by the external identity provider.

After a user joins your organization, they have access to the resources associated with the permissions or roles assigned to them. You can assign permissions to grant users access to different resources within the organization. A best practice is to assign permissions to the user at the time you invite them to join your organization so the roles are in effect when the user signs in for the first time. See Roles for more information.

If your organization contains business groups, you can give users access to multiple business groups by granting them permissions within each group.

Connect MuleSoft Composer to Anypoint Platform

Organizations that use both MuleSoft Composer and Anypoint Platform can connect the two products.

To link Composer to Anypoint Platform:

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Composer Sync.

  4. In the Composer Sync Orgs page, click Add Composer Orgs.

  5. In the Add organization window, in the Organization ID box, enter your Composer organization and then click Add.

    You can locate your Composer Organization ID by navigating to Composer > Settings > Account > General Information.

    An email is generated and sent to the Composer organization admin that provides a link to sync Anypoint Platform to Composer.

See Also