You must have the Organization Administrator permission to manage users within an Anypoint Platform organization. To manage user permissions for your API version, you must have the API Version Owner permission.

As an administrator of your root organization, you can enable, disable, or delete users.

By selecting the checkbox next to a user, additional options related to that user are displayed:

  • Enable: Enables the user in the selected organization or business group.

  • Disable: Disables the user in the selected organization or business group. They are no longer able to log in.

  • Delete: When deleting from the top level Organization, all of the user’s roles/permissions are removed and the user becomes unattached. When deleting from a business group, all of the user’s roles/permissions for only the selected business group are removed.

Inviting a User to Anypoint Platform

This feature is not available in Anypoint Platform Private Cloud Edition.

When running Anypoint Platform Private Cloud Edition, you need to configure user management methods such as SSO through a third-party IdP or LDAP.

As an organization administrator of a root organization or of one of its business groups, you can invite new users and manage existing users for your organization.

To invite new users to your organization:

  1. In the Access Management navigation menu, click Users.

  2. Click Invite user.

  3. Enter the email addresses of the users that you want to invite to your organization as a comma-separated list.

  4. Optionally, select a team or role (deprecated) for assign these users.

  5. Click Send Invitation.

The users you specify receive email invitations to join your organization. Invited users must use the link they receive in the invitation to join your organization. When they click the link, they are presented with a sign-up form that already has the Company field completed with the name of your organization.

Note that the email link expires in one week.

Invited users have access to the same set of resources as you (although they may have different permissions that can restrict what they can view or do).

Resending or Canceling a Sent Invitation

Click Pending Invites to view all invitations that have not yet been accepted. Select the ones you need to manage, and click Re-send Invite or Cancel Invite.

Grant Permissions and Roles to Users

Organization administrators manage user access using teams or roles (deprecated), or by granting permissions to users individually.

In the Users page, click a user name to access more information about that user, grant roles and permissions, see inherited permissions, or reset their password.

By default, in every new organization and business group, you get three options:

  • Assign API Permissions: Write the name of the API you want to give access to, then pick a version and permission.

  • Assign Runtime Manager Permissions: Write the name of the Runtime Manager environment to give access to, then pick a permission.

  • Assign Roles: Write the name of the role to grant. Check the roles section for a description of the default roles within an organization and business group.

Roles and permissions are grouped under organizations (and also, optionally, under business groups). This means that you can only assign roles and permissions that are related to resources that exist in the organization and/or business group that you are selecting.

If necessary, you can also remove user permissions, but note that if those permissions are granted through an assigned role, you can remove them only by using the Roles functionality. You cannot view or remove role-based permissions in the Users page.

Because the Roles feature is deprecated, it is best to opt in to the Teams feature to manage permissions in a hierarchy.

To grant permissions to an individual user:

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Users.

  4. In the Permissions section, click Add permissions.

  5. Next to each permission you want to grant the user, select the checkbox.

  6. Click Next.

  7. Select the business groups in which you want the selected permissions to apply.

  8. Click Next.

  9. Select the environments in which you want the selected permissions to apply.

  10. Review the permissions, business groups, and environments, and then click Add permissions.

The user now has the permissions you selected in the business groups and environments you specified.

Managing External Users of Your Public APIs

When you make an API portal public, users from any other Anypoint Platform organization can register client applications to call your API. When these users log in to your public developer portal, they are considered external users because they are outside of your organization.

When a user logs into Anypoint Platform for the first time, they are automatically added to the External Users tab. From the External Users tab in Access management, you can view a list of all external users. You can also enable or disable each of these external users from this screen. When you disable an external user, they can no longer log in to your public portal.

You cannot search for external users in other parts of Anypoint Platform because these users do not belong to your organization and do not have additional permissions. To grant users permission to perform tasks like deploying an application, you must invite the user to join your organization.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub