Nav

Organization

As an administrator of an Organization in the Anypoint Platform, there are several things you can configure for your entire organization such as:

  • Invite users to your organization

  • Assign users to roles to define their permissions in the platform

  • Edit and remove users from your organization

  • Configure organization settings

  • Access your organization’s client ID and client secret

  • Access analytics for the APIs in your organization

  • Create Business Groups to delegate the management of the resources within each of these and to easily delimit the scopes of roles and permissions. As a Business Group owner, there are also several things to configure at Business Group level.

Prerequisites

This section assumes you are a member of the Organization Administrator role for your organization.

Organization Settings

The Organization tab displays your organization name, which was created when your organization was first provisioned. You can edit this name by clicking the name. The original organization name determines your organization’s portal domain. However, your portal domain is independently editable as well. Adjusting the portal domain affects the deep links to any existing API Portals in your organization.

Client ID and Client Secret

Each organization has a client ID and a client secret that authenticate it. These values are required for configuring an on-premises Mule Runtime or legacy API Gateway Runtime, deploying proxies or APIs to CloudHub, and for other purposes.

To obtain the values of these credentials for your organization, log in to the Anypoint Platform as an administrator, click the gear icon at the top-right and then select the Organization tab.

If you need to change your organization’s client ID or client secret, please contact MuleSoft Support team.

Manage the Master Organization’s Settings

Organization Admin Only

As an Admin of your organization, you can modify the organization’s domain and the session timeout for its users. Access this menu by clicking the Organization link in the left menu, and selecting the organization name you want to modify.

organization-11dbd

Even though multiple organizations can be created by different users using the same company name, each organization has a unique domain.

Here you can also consult your organization’s Client Id and Client Secret. These belong to the Master Organization provide all of the permissions from the Business Groups within it.

Business Groups also have their own Client Id and Client Secret. You can use these if you’re not an Organization Admin.

You can also set a default timeout for owners of accounts in this organization, so that they have to re-login after a period of inactivity.

Sharing Resources in an Organization

The administrator of an organization is also the administrator of any business groups in the organization. All API versions and CloudHub environments that you create from your account are associated with this organization and only accessible to people within the organization.

The organization name doesn’t need to be unique because a unique domain name distinguishes your organization from other like-named ones. For that reason, if you want to share resources with another user, it doesn’t suffice if the other user registers under the same company name, you must invite the user to join your organization and the user must create a new account under this organization.

invite

If your organization is set up to use your organization’s external federated identity system, then you don’t need to invite users, they will be authenticated by the external identity.

After users join your organization, you can assign roles to grant them access to different resources that exist with the organization. It’s a best practice to assign these roles as you invite users; then, the roles are in effect when users log in for the first time.

If your organization contains business groups, then you can make users members of multiple business groups by granting them roles within the groups.

Exchange Settings

Organization Admin Only

You can handle the settings of your Organization’s private branch of the Exchange, you can edit the Exchange owner’s information and manage the number of items that your organization is able to expose on it. The URL path is built based on the Domain Name that you set in the organization’s settings.

Business Groups

Create a Business Group

If you have an organization admin role and your organization is enabled for Business Group support, you can create Business Groups within your organization. Just select the Organization tab, and then click the blue plus sign next to the Organization name or any Business Groups in the tree diagram.

organization-20885

You will be prompted to configure several settings for the new Business Group.

organization-9fa5f

You must select a name for it, and assign an existing user in the Organization to be the Business Group Owner. You can also configure whether this owner will have the ability to create his own Business Groups branching below this one.

You can assign some or all of the vCores that your organization owns to any individual Business Group so that these can be used in the CloudHub deployments that are grouped under it. You can assign these when creating the Business Group, or you can also edit these settings later.

Allocating vCores to a Business Group makes those vCores available only to the Business Group and unavailable to the parent organization.

Child Business Groups

You can keep splitting a Business Group into more levels and go as deep as you wish, by creating Business Groups within a Business Group. To do so, click the blue plus sign that appears next to any of the Business Groups at any level:

organization-2b25c

If so defined, the owner of a Business Group may be able to create these independently and can even assign yet another user to be the owner of one of its child Business Groups. The owner of a parent Business Group will always have admin rights over any child Business Group below it. Owners of child Business Groups can’t access or affect anything on its parent Business Groups or the master organization, this includes access to the parent Business Group’s client ID and client secret.

When creating a child Business Group within a parent one, only the vCores that were assigned to the parent Business Group are eligible for adding into the child.

Once your organization has multiple Business Groups, you can easily navigate between them through the menu on the top-right corner of the screen. Switching between Business Group implies that the list of available CloudHub deployments, the list of available APIs, and all of the settings regarding users and roles will correspond to the currently selected Business Group.

switch+suborg

If you’re not an organization admin user, you will only see the Business Groups on which your user has a membership. In the organization tab, the tree of your organization will also only feature the Business Groups you’re a member of.

Creating Roles and Handling Membership to Business Groups

To obtain the membership to a Business Group, a user needs to be granted a role within that Business Group. Members that are added to a Business Group are then able to see this Business Group in the top menu and navigate to it.

Roles may exist at master organization level as well as at Business Group level, these control different resources. APIs and CloudHub deployments that belong to a Business Group can only be accessed by being granted roles that belong to that Business Group, those that belong to the master organization require roles at the master organization level. Additionally, roles that belong to a Business Group can only grant access to APIs and CloudHub deployments within that Business Group.

When adding users to a role that belongs to a Business Group, any users in the master organization are eligible.

Deleting Business Groups

Only a user who owns an organization administrator role can delete Business Group.

No user can delete the root Organization.