As an administrator of an Organization in the Anypoint Platform, there are several things you can configure for your entire organization such as:
Invite users to your organization
Assign users to roles to define their permissions in the platform
Edit and remove users from your organization
Configure organization settings
Access your organization’s client ID and client secret
Access analytics for the APIs in your organization
Create Business Groups to delegate the management of the resources within each of these and to easily delimit the scopes of roles and permissions. As a Business Group owner, there are also several things to configure at Business Group level.
This section assumes you are a member of the Organization Administrator role for your organization.
The Organization tab displays your organization name, which was created when your organization was first provisioned. You can edit this name by clicking the name. The original organization name determines your organization’s portal domain. However, your portal domain is independently editable as well. Adjusting the portal domain affects the deep links to any existing API Portals in your organization.
Each organization has a client ID and a client secret that authenticate it. These values are required for configuring an on-premises Mule Runtime or legacy API Gateway Runtime, deploying proxies or APIs to CloudHub, and for other purposes.
To obtain the values of these credentials for your organization, log in to the Anypoint Platform as an administrator, click the gear icon at the top-right and then select the Organization tab.
If you need to change your organization’s client ID or client secret, contact MuleSoft Support.
Organization Admin Only
As an Admin of your organization, you can modify the organization’s domain and the session timeout for its users. Access this menu by clicking the Organization link in the left menu, and selecting the organization name you want to modify.
Even though multiple organizations can be created by different users using the same company name, each organization has a unique domain.
Here you can also consult your organization’s Client Id and Client Secret. These belong to the Master Organization provide all of the permissions from the Business Groups within it.
|Business Groups also have their own Client Id and Client Secret. You can use these if you’re not an Organization Admin.|
You can also set a default timeout for owners of accounts in this organization, so that they have to re-login after a period of inactivity.
The administrator of an organization is also the administrator of any business groups in the organization. All API versions and CloudHub environments that you create from your account are associated with this organization and only accessible to people within the organization.
The organization name doesn’t need to be unique because a unique domain name distinguishes your organization from other like-named ones. For that reason, if you want to share resources with another user, it doesn’t suffice if the other user registers under the same company name, you must invite the user to join your organization and the user must create a new account under this organization.
If your organization is set up to use your organization’s external federated identity system, then you don’t need to invite users, they will be authenticated by the external identity.
After users join your organization, you can assign roles to grant them access to different resources that exist with the organization. It’s a best practice to assign these roles as you invite users; then, the roles are in effect when users log in for the first time.
If your organization contains business groups, then you can make users members of multiple business groups by granting them roles within the groups.
Organization Admin Only
You can handle the settings of your Organization’s private branch of the Exchange, you can edit the Exchange owner’s information and manage the number of items that your organization is able to expose on it. The URL path is built based on the Domain Name that you set in the organization’s settings.
If you have an organization admin role and your organization is enabled for Business Group support, you can create Business Groups within your organization. Just select the Organization tab, and then click the blue plus sign next to the Organization name or any Business Groups in the tree diagram.
You will be prompted to configure several settings for the new Business Group.
You must select a name for it, and assign an existing user in the Organization to be the Business Group Owner. You can also configure whether this owner will have the ability to create his own Business Groups branching below this one.
You can assign some or all of the vCores that your organization owns to any individual Business Group so that these can be used in the CloudHub deployments that are grouped under it. You can assign these when creating the Business Group, or you can also edit these settings later.
Allocating vCores to a Business Group makes those vCores available only to the Business Group and unavailable to the parent organization.
You can keep splitting a Business Group into more levels and go as deep as you wish, by creating Business Groups within a Business Group. To do so, click the blue plus sign that appears next to any of the Business Groups at any level:
If so defined, the owner of a Business Group may be able to create these independently and can even assign yet another user to be the owner of one of its child Business Groups. The owner of a parent Business Group will always have admin rights over any child Business Group below it. Owners of child Business Groups can’t access or affect anything on its parent Business Groups or the master organization, this includes access to the parent Business Group’s client ID and client secret.
When creating a child Business Group within a parent one, only the vCores that were assigned to the parent Business Group are eligible for adding into the child.
Once your organization has multiple Business Groups, you can easily navigate between them through the menu on the top-right corner of the screen. Switching between Business Group implies that the list of available CloudHub deployments, the list of available APIs, and all of the settings regarding users and roles will correspond to the currently selected Business Group.
If you’re not an organization admin user, you will only see the Business Groups on which your user has a membership. In the organization tab, the tree of your organization will also only feature the Business Groups you’re a member of.
To obtain the membership to a Business Group, a user needs to be granted a role within that Business Group. Members that are added to a Business Group are then able to see this Business Group in the top menu and navigate to it.
Roles may exist at master organization level as well as at Business Group level, these control different resources. APIs and CloudHub deployments that belong to a Business Group can only be accessed by being granted roles that belong to that Business Group, those that belong to the master organization require roles at the master organization level. Additionally, roles that belong to a Business Group can only grant access to APIs and CloudHub deployments within that Business Group.
When adding users to a role that belongs to a Business Group, any users in the master organization are eligible.