Contact Us 1-800-596-4880
  1. Homepage
  2. Access Management

  3. Managing Users

Managing Users

As an administrator of your root organization, you can enable, disable, or delete users, assign permissions to users, and edit a user’s settings.

On the access management Users page, you can:

  • Invite users to join your organization.

  • Enable and disable users.

    When you disable a user, they are no longer able to sign in to your organization.

  • Delete users.

    When deleting a user from the root organization, all of the user’s permissions are removed, and the user becomes unattached.

  • Send a request to a user to reset their password.

Before You Begin

Before getting started, ensure that you have:

  • The Organization Administrator permission

  • The API Version Owner permission if you plan to manage user permissions for your API version

Invite a User to Anypoint Platform

This feature is not available in Anypoint Platform Private Cloud Edition, Government Cloud, or for organizations that use external identity providers for single sign-on (SSO) and have disabled account creation. You must manage users, including invitations for new users, through your third-party IdP or LDAP.

As an organization administrator of a root organization, you can invite new users and manage existing users for your organization.

To invite new users to your organization:

  1. In the Access Management navigation menu, click Users.

  2. Click Invite user.

  3. Enter the email addresses of the users that you want to invite to your organization as a comma-separated list.

  4. Optionally, select a team or role (deprecated) to assign permissions to these users.

  5. Click Send Invitation.

The users you specify receive email invitations to join your organization. Invited users must use the link they receive in the invitation to join your organization. When they click the link, they are presented with a sign-up form that already has the Company field completed with the name of your organization.

The email link expires in one week.

Invited users have access to the same set of resources as you (although they may have different permissions that restrict what they can view or do).

Resend or Cancel a Sent Invitation

  1. In the Access Management navigation menu, click Users.

  2. Click Pending Invites to view all invitations that have not yet been accepted.

  3. Click the more actions menu (…​) in the row for the invitation to manage.

  4. Select Re-send Invite or Cancel Invite.

Access the User’s Settings Page

The user’s Settings page is where you can edit the user’s first and last name, email address, and exempt them from multi-factor authentication.

  1. In the Access Management navigation menu, click Users.

  2. There are three ways to access the user’s Settings page:

    • Click the user’s name in the Name column.

    • Click the username of the user in the Username column.

    • Click the more actions menu (…​) in the user’s row, and select Manage User.

  3. Click the Settings tab.

Grant Permissions to Users

Organization administrators manage user access using teams or roles (deprecated), or by granting permissions to users individually. Teams and roles functionality are mutually exclusive.

For more information about configuring Teams, see Manage Team Permissions.

In the Users page, click a user name to access more information about that user, manage and view permissions, manage and view teams, or reset their password.

By default, in every new organization and business group, you can assign the following:

  • Assign API permissions: Select the name of the API you want to give access to, then pick a version and permission.

  • Assign Runtime Manager permissions: Select the name of the Runtime Manager environment to give access to, then pick a permission.

  • Assign teams: Select the name of the team to give access to.

  • Assign roles (deprecated): Select the name of the role to grant. Check the roles section for a description of the default roles within an organization and business group.

To grant permissions to individual users:

  1. Sign in to Anypoint Platform using an account that has the root Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Users.

  4. Click the name of the user to assign permissions to.

  5. Click the Permissions tab and click Add permissions.

  6. Select the permissions to add and click Next.

    The list of Permissions includes all permissions, even if they are already assigned to users. If you add a permission that’s already assigned, there is no effect.

  7. Select the business groups to apply the permissions to.

    Select which environments to apply the permission to if it’s enabled for the permission.

  8. Click Next.

  9. Review the permissions and the business groups and environments they apply to, and then click Add Permissions.

    The user now has the permissions you selected in the business groups and environments you specified.

Remove Permissions for a User

You can remove user permissions for an individual user, but if those permissions are granted through an assigned team, you can remove them only by using the Teams feature. You can’t view or remove team-based permissions in the Users page.

To edit or remove permissions for an individual user:

  1. Sign in to Anypoint Platform using an account that has the root Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Users.

  4. Click the name of the user to edit permissions for.

  5. In the row that has the permissions to edit, click Edit.

    The Edit Permissions dialog shows the permissions that are assigned to the user.

  6. Deselect the permissions to remove from the user, and then click Done.

View Limits for a User

Each administrative page for a user contains a Limits section that shows how close the account is to hitting limits imposed by Anypoint Platform.

To view limits:

  1. In the Access Management navigation menu, click Users.

  2. Click the user for which you want to view limits.

  3. Click the Limits tab.

The number of permissions used might include internal permissions granted automatically by the system, which are not always visible in the UI.

For more information on limits in Access Management, see Limits.

Manage Deleted Users

When you delete a user from your root organization, the user is soft deleted. The deleted user can no longer access the root organization or business groups but maintains an Anypoint Platform account and can later be associated with another organization. Anypoint Platform maintains a record of such users for the purposes of audit logs.

Deleting a user does not affect the assets created by that user. For instance, deleting a user who has created an API in Exchange, an API in API Manager, or an application in Runtime Manager does not have any impact on the assets they created.

An Anypoint Platform user can’t sign into an organization they were removed from. If a user tries to sign in to an organization they were removed from, they are added to a new trial organization as an administrator.

An organization administrator can invite a user to rejoin the organization they were previously removed from, but the user must create a new username.

A deleted federated user appears in the organization as a disabled account. An organization administrator can reenable this user.

Manage External Users of Your Public APIs

When you make an API portal public, users from any other Anypoint Platform organization can register client applications to call your API. When these users sign in to your public developer portal, they are considered external users because they are outside of your organization.

When a user logs into Anypoint Platform for the first time, they are automatically added to the External Users tab. From the External Users tab in Access management, you can view a list of all external users. You can also enable or disable each of these external users from this screen. When you disable an external user, they can no longer log in to your public portal.

You cannot search for external users in other parts of Anypoint Platform because these users do not belong to your organization and do not have additional permissions. To grant users permission to perform tasks like deploying an application, you must invite the user to join your organization.

Manage Sensitive Account Information

As an organization administrator, you can modify some sensitive user information. For enhanced security, Access Management might ask you to reauthenticate before you can modify an organization user’s email address. Connected apps and clients are exempt from reauthentication. If you have a script that makes an API call to change an organization user’s email addresses, it might need to accommodate reauthentication.

Access Management prompts you to reauthenticate under the following conditions:

  • If more than 30 minutes have elapsed since you entered your password, Access Management prompts you to reenter your password.

  • If you have multi-factor authentication (MFA) enabled and more than eight hours have elapsed since you entered your password and used MFA, Access Management prompts you to reenter your password and confirm the signin using MFA.

Each time you sign in or reauthenticate, the timer resets. If less than 30 minutes have elapsed since you signed in, Access Management does not prompt for your password again.

See Also