Organization

When you create an Anypoint Platform account, a root organization is created, and you are assigned as the owner of the organization. Organization owners automatically inherit the Organization Administrator permission.

The organization name is the name you entered in the Company field in the initial Anypoint Platform signup form. You can change the name in the organization settings.

An organization is an account where multiple users can share resources, including applications and environments. The level of access users have to various resources depends on their assigned roles and permissions. For example, one user might have permission to manage API alerts, while another user has permission only to view API alerts.

When you log in to Anypoint Platform, the organization icon and name are displayed on the top right of the page. The root organization can contain multiple business groups. You can think of business groups as sub-organizations, or children of the root organization. Click the organization icon to navigate between business groups.

Organization Owner

The user who first signs up for an Anypoint Platform account is designated as the organization owner. This is not a role that is assigned, rather it is an identifier for this single user (creator of the Anypoint Platform account). The owner is assigned the Organization Administrator permission by default.

Every business group created within the organization hierarchy thereafter must have an owner assigned. Only users with the Organization Administrator permission can be assigned as owners of business groups. Any organization administrator can assign and change owners of business groups. There cannot be more than one owner at once for a business group. The Organization Administrator permission cannot be removed from organization owners.

An Anypoint Platform user who has the Organization Administrator permission can perform the following types of tasks:

  • Invite users to an organization

  • Assign users to teams or roles that define their permissions in Anypoint Platform

  • Edit and remove users from an organization

  • Assign or change owners of business groups

  • Configure organization settings

  • View a client ID and client secret

  • Access analytics for the APIs in your organization

  • Create business groups to delegate management of the resources and define the scopes of roles and permissions

  • Configure additional properties at the business group level.

Organization Page

In the Organization page, you can:

  • View a hierarchical tree of all of the organizations you have permissions to view. You can view and edit properties of an organization by clicking the name.

  • Click the name of a group to view and edit its information. What you can view and edit depends on your permissions.

    Changing the name or domain name of an organization changes the deep links to any existing API Portals in your organization.
  • Add and delete business groups (if enabled).

Access an Organization

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Business Groups.

  4. Click the name of the root organization.

Client ID and Client Secret

Each root organization, environment, and business group within the root organization has its own associated unique client ID and client secret. These are used for authentication by users who are not organization administrators to access assets within an organization. The client ID and password are generated by Anypoint Platform for each environment you create, and they are globally unique.

To deploy proxies or APIs to CloudHub, you must use these values to configure a customer-hosted Mule Runtime or legacy API Gateway.

Organization-level client IDs and client secrets are supported only for backward compatibility. In newer Anypoint Platform accounts, use the client ID and client secret for an environment instead. See Environments.

View the Client ID and Secret for Environments

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Business Groups.

  4. Click the name of your root organization.

  5. Click the Environments tab.

  6. Click the name of the environment.

  7. Next to the client secret, click Show.

View the Client ID and Secret for Organizations

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Business Groups.

  4. Click the name of your root organization.

  5. Click the Settings tab.

  6. Next to the client secret, click Show.

  • For newer Anypoint Platform accounts, the client ID and secret apply to environments rather than organizations. See Environments.

  • To change the client ID or client secret of an organization, please contact your MuleSoft customer support representative.

Manage Root Organization Settings

Only users with the Organization Administrator permission can manage these settings.

An organization administrator can modify the organization name, domain name, and session timeout for its users.

To access these settings:

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Business Groups.

  4. Click the name of your root organization.

  5. Click the Settings tab.

  6. Modify any of the following settings, then click Save changes.

    • Organization name: This can be anything, for example, the name of the company.

    • Domain name: Although multiple organizations can be created by different users using the same company name, each organization must have a unique domain name.

    • Owner: The identifier of the organization owner.

    • Default session timeout: Set the amount of time (in minutes) a user is inactive before they are automatically logged out of Anypoint Platform. The default is 60 minutes, the minimum is 15 minutes, and the maximum is 180 minutes.

You can also view the organization ID, client ID, and client secret. These values apply to the root organization and grant permissions for all of the business groups contained within.

Sharing Resources in an Organization

All API versions and CloudHub environments that you create in an organization are accessible only to users within the organization.

If you want to share resources with a user, you have to invite the user to join your organization, and the user must create a new account under the organization you sent the invitation from. See Inviting Users for more information.

Because the organization name (often the company name) is not necessarily unique, it is not sufficient for the invited user to create a new account and use the company name associated with the root organization. The domain name you set in the organization information is what distinguishes your organization from other organizations.

Invited users must use the link they receive in the invitation email to join your organization.

If your organization is configured to use an external federated identity system, you do not need to invite users, as they are authenticated by the external identity provider.

After a user joins your organization, they have access to the resources associated with the permissions or roles assigned to them. You can assign permissions to grant users access to different resources within the organization. A best practice is to assign permissions to the user at the time you invite them to join your organization so the roles are in effect when the user signs in for the first time. See Roles for more information.

If your organization contains business groups, you can give users access to multiple business groups by granting them roles within each group.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub