
Configure API Community Manager

Use these steps to configure Anypoint API Community Manager.

Installing, updating, or configuring API Community Manager must be done by a user account with the System Administrator profile in the API Community Manager Salesforce organization.
If your Anypoint Platform organization is hosted in the EU region, you must replace all occurrences of the anypoint.mulesoft.com domain with eu1.anypoint.mulesoft.com in all the steps in this section.

Create and Authenticate the External Data Source

The external data source specifies how API Community Manager components and data objects interact securely with your Anypoint Platform organization.

Create a Connected App

You can perform this step by using either the user interface or an API call.

Your account must have the Org Admin permission.

Create a Connected App by Using the User Interface

To create a connected app by using the user interface, in Anypoint Platform, navigate to Access Management > Connected Apps > Create app, and provide this information:

  1. Enter a value for the app Name.

  2. Set Type to App acts on behalf of a user.

  3. Set Grant types to Authorization Code and Refresh Token.

  4. Set the mandatory Website URL to a URL of your choice.

  5. Set Redirect URIs to https://<domain>.my.salesforce.com/services/authcallback/Anypoint and replace <domain> with your domain.

  6. Set Who can use this application? to Members of this organization only.

  7. Click Add Scopes.

    Select Full Access and Background Access.

  8. Click Create Application.

  9. Note the client ID and client secret.

Create a Connected App by Using an API Call

To create a connected app by using an API call, follow this example using the cURL command.

  1. Get an authorization token from the platform:

        curl --silent https://anypoint.mulesoft.com/accounts/login -XPOST \
          -d 'username=<anypoint username>&password=<anypoint password>'
  2. The command returns a response like this:

        {
          "access_token": "5242XXXX-XXXX-XXXX-XXXX-XXXXXXXXfec7",
          "token_type": "bearer",
          "redirectUrl": "/home/"
        }
  3. Note the access_token value.

  4. Use the next cURL example to register an external client in Anypoint Platform for OpenID authentication.

    Replace the access token in the authorization header with the access_token value.

    Replace [YourOrgDomain] with your Salesforce organization domain name. Find the domain name by logging in to your Salesforce organization, clicking Setup, and clicking the section My Domain.

        curl -X POST \
          https://anypoint.mulesoft.com/accounts/api/connectedApplications \
          -H 'Content-Type: application/json' \
          -H 'Accept: */*' \
          -H 'Accept-Encoding: gzip, deflate' \
          -H 'Authorization: Bearer 5242XXXX-XXXX-XXXX-XXXX-XXXXXXXXfec7' \
          -H 'Host:anypoint.mulesoft.com' \
          -d '{"client_name":"ACM Integration App","grant_types":["authorization_code","refresh_token"],"redirect_uris":["https://[YourOrgDomain].my.salesforce.com/services/authcallback/Anypoint"],"scopes":["full","offline_access"],"public_keys":[]}'
  5. The cURL command returns a response like this:

        {
          "client_id": "5fafXXXXXXXXXXXXXXXXXXXXXXXX29c9",
          "client_secret": "9509XXXXXXXXXXXXXXXXXXXXXXXXC10E",
          "client_name": "ACM Integration App",
          "redirect_uris": [
            "https://[YourOrgDomain].my.salesforce.com/services/authcallback/Anypoint"
          ],
          "grant_types": [
            "authorization_code",
            "refresh_token"
          ],
          "public_keys": [],
          "scopes": [
            "offline_access",
            "full"
          ],
          "enabled": true,
          "owner_org_id": "f377XXXX-XXXX-XXXX-XXXX-XXXXXXXX9d08",
          "as_id": "anypoint"
        }
  6. Note the client_id and client_secret values.
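
Before copying the client ID and secret into Salesforce, it is worth confirming that the app Anypoint registered has exactly the redirect URI, grant types, and scopes requested above. The following is an added example, not MuleSoft's code: the function names, the `example-org` domain, and both sample responses are constructed for illustration, modeled on the response shown in step 5.

```python
from urllib.parse import urlsplit

# Settings this page asks for when registering the ACM connected app.
EXPECTED_GRANTS = {"authorization_code", "refresh_token"}
EXPECTED_SCOPES = {"full", "offline_access"}
CALLBACK_PATH = "/services/authcallback/Anypoint"


def anypoint_base_url(eu_hosted=False):
    """Control-plane URL; EU-hosted organizations use the eu1 host instead."""
    host = "eu1.anypoint.mulesoft.com" if eu_hosted else "anypoint.mulesoft.com"
    return f"https://{host}"


def expected_redirect_uri(salesforce_domain):
    """Salesforce auth callback for the Auth. Provider named Anypoint."""
    return f"https://{salesforce_domain}.my.salesforce.com{CALLBACK_PATH}"


def registration_payload(salesforce_domain, client_name="ACM Integration App"):
    """Body for POST /accounts/api/connectedApplications, as in the cURL call."""
    return {
        "client_name": client_name,
        "grant_types": sorted(EXPECTED_GRANTS),
        "redirect_uris": [expected_redirect_uri(salesforce_domain)],
        "scopes": ["full", "offline_access"],
        "public_keys": [],
    }


def audit_registration(response, salesforce_domain):
    """Return a list of findings; an empty list means the app matches the page."""
    findings = []
    want_uri = expected_redirect_uri(salesforce_domain)
    uris = response.get("redirect_uris", [])
    for uri in uris:
        if urlsplit(uri).scheme != "https":
            findings.append(f"redirect URI is not https: {uri}")
        elif uri != want_uri:
            findings.append(f"unexpected redirect URI: {uri}")
    if want_uri not in uris:
        findings.append(f"missing redirect URI: {want_uri}")
    for field, expected in (("grant_types", EXPECTED_GRANTS),
                            ("scopes", EXPECTED_SCOPES)):
        got = set(response.get(field, []))
        for extra in sorted(got - expected):
            findings.append(f"unexpected {field} entry: {extra}")
        for missing in sorted(expected - got):
            findings.append(f"missing {field} entry: {missing}")
    if response.get("enabled") is not True:
        findings.append("app is not enabled")
    return findings


def redact(response):
    """Copy of the response that is safe to log: the client secret is masked."""
    safe = dict(response)
    if "client_secret" in safe:
        safe["client_secret"] = "<redacted>"
    return safe


# Constructed sample: same shape as the response in step 5, masked values.
GOOD_RESPONSE = {
    "client_id": "5fafXXXXXXXXXXXXXXXXXXXXXXXX29c9",
    "client_secret": "9509XXXXXXXXXXXXXXXXXXXXXXXXC10E",
    "client_name": "ACM Integration App",
    "redirect_uris": [expected_redirect_uri("example-org")],
    "grant_types": ["authorization_code", "refresh_token"],
    "public_keys": [],
    "scopes": ["offline_access", "full"],
    "enabled": True,
}

# Constructed sample of a registration that drifted from the documented settings.
DRIFTED_RESPONSE = dict(
    GOOD_RESPONSE,
    redirect_uris=[
        "http://example-org.my.salesforce.com" + CALLBACK_PATH,
        "https://other-org.my.salesforce.com" + CALLBACK_PATH,
    ],
    grant_types=["authorization_code", "refresh_token", "client_credentials"],
    scopes=["full"],
)

if __name__ == "__main__":
    print(redact(GOOD_RESPONSE))
    for finding in audit_registration(DRIFTED_RESPONSE, "example-org"):
        print("FINDING:", finding)
```
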

Create Your Authentication Provider

If your Anypoint Platform organization is hosted in the EU, change https://anypoint.mulesoft.com to https://eu1.anypoint.mulesoft.com.

  1. In Setup, search for Auth. Providers using the Quick Find box and click Auth. Providers > New.

  2. In Provider type select Open ID Connect.

  3. Set Name to Anypoint.

  4. Set Consumer Key to the application ID of the connected app created in Anypoint Platform.

    This ID was returned by the Anypoint UI at the end of the task Create a Connected App by Using the User Interface or returned by the Anypoint API call at the end of the task Create a Connected App by Using an API Call.

  5. Set Consumer Secret to the application secret of the connected app created in Anypoint Platform.

    This secret was returned by the Anypoint UI at the end of the task Create a Connected App by Using the User Interface or returned by the Anypoint API call at the end of the task Create a Connected App by Using an API Call.

  6. Set Authorize Endpoint URL to https://anypoint.mulesoft.com/accounts/api/v2/oauth2/authorize .

  7. Set Token Endpoint URL to https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token .

  8. Set Default Scopes to full offline_access.

  9. Click Save.

Remember to associate the external data source with this authentication provider.

Authorize and Authenticate Your External Data Source

  1. Search for External Data Source in the Quick Find box and then click External Data Sources.

  2. Locate the Exchange item and then click Edit.

  3. Update Identity Type to Named Principal.

  4. Update Authentication Protocol to OAuth 2.0.

  5. Update Authentication Provider to Anypoint.

  6. Click Save.

  7. If you don’t have an active session in your Anypoint Platform organization, the Anypoint Login page is shown. Log in to Anypoint Platform to complete the authentication. If you already have an active session, authentication is performed without requiring a login.

  8. Verify the Exchange External Data Sources Authentication Status is Authenticated.

After authenticating the External Data Source, provide the credentials of an Anypoint Platform system user with read-only access, for Lightning components like the API Console which retrieve data directly from the Anypoint Platform APIs.

  1. Search for Named Credentials in the Quick Find box and then click Named Credentials.

  2. Locate the anypoint.mulesoft item and then click Edit.

  3. In the Authentication section, enter the Anypoint Platform username and password in the Username and Password fields, respectively, for a system user with read-only privileges in your Anypoint Platform organization.

  4. Click Save.

Enable API Community Manager Control Panel

The API Community Manager control panel is the interface your community administrators and operators use to operate your communities. It is available in the App Launcher page, where it is the first icon displayed in the main navigation bar. To ensure that it is available for admin users:

  1. In Setup, search for App Manager using the Quick Find box and click App Manager.

  2. Locate the API Community Manager item, and in the menu on the right end of the row, click Edit.

  3. Click Navigation Items on the left panel, highlight the ACM Administrator item under the Available Items box, and use the arrow buttons to move it to the Selected Items box. Click Save.

  4. Click Back at the top right.

  5. Log out and log back in to your Salesforce organization.

  6. Open the App Launcher and click API Community Manager.

  7. Verify that the API Community Manager control panel is displayed correctly by navigating to Application Launcher > ACM Administrator.

    If you see a message that you have not created a community, then the actions in this step were performed correctly.

Update Your User Role and Permissions

  1. In Setup, search for Users using the Quick Find box and click Users.

  2. Locate your username and click Edit.

  3. Set the Role for your account. This can be any role from the list, but cannot be none. If you don’t see any roles in the list, refer to the Salesforce knowledge article Add roles to the role hierarchy for instructions to create a role in your organization.

  4. Select Salesforce CRM Content User.

  5. Click Save.

Communities Configuration

Create, configure, and publish your Salesforce Community with branding, forums and moderation rules, Salesforce CMS, Salesforce CRM Content, and Chatter tracking for APIs.

Create a Community

  1. If you are not familiar with Communities, refer to the Salesforce Communities Overview.

  2. Navigate to Setup.

  3. In the Quick Find box, enter All Communities and then click All Communities.

  4. Click New Community. All communities templates are listed.

  5. Choose any of the API Community Manager Templates if you want to get started from an example, any of the other available templates, or Build your own if you want to design your community from scratch with full control of the structure and look and feel.

  6. On the desired template page, click Get Started.

  7. Enter a Name and an optional URL suffix for your community.

  8. Click Create. The configuration process will take a few minutes.

  9. When the configuration process finishes, you’ll see your new community workspace. Click Install AppExchange Package on the top banner to install the pre-defined metrics and dashboards, and follow the installation wizard instructions. Be sure to install this package in your production organization when prompted by the wizard. You may need to re-enter your login credentials to complete the installation of this package.

  10. In the Application Launcher navigate to ACM Administrator, click Community Administration, go to the Settings section, and click Activate Community.

Customize Your Community

Enable Forums

  1. In the Application Launcher navigate to ACM Administrator, click Community Administration, and click Preferences in the left panel.

  2. Click Show all settings in Workspaces.

  3. Click Save so this setting is reflected.

  4. Click Allow discussion threads.

  5. Click Save.

  6. Return to the API Community Manager control panel, and click Manage CMS Content.

  7. Click the Topics tab.

  8. Click Navigational Topics.

  9. Create as many topics as you need for your community forums and click Save.

Define Moderation Rules for Forums

By default discussion forums are not moderated, so any member can create posts with any content and the posts become visible for other members immediately. If you want to define a basic "review/approve-all" moderation model, use these steps.

  1. In the API Community Manager control panel, click Manage Forums > Rules.

  2. Click New and create a Content Rule.

  3. Enter a Name and a Unique Name in the Details section and click Activate Rule.

  4. In the Rule Conditions section, select Post and Comment, and in Moderation Action select Review.

  5. In the Criteria section, move all items in Member Criteria from the Available Criteria box to the Selected Criteria box.

  6. Click Save.

Forum Moderation Rule
Verify the Activate Rule check box is active when saving your changes.

You can define much more advanced moderation and review rules. You can find more information in the Salesforce Community Cloud documentation about forum moderation rules.

Enable Salesforce CMS

  1. In Setup, search for Salesforce Files using the Quick Find box and click General Settings.

  2. Click Edit.

  3. Click Libraries in Salesforce Files.

  4. Click Save.

  5. In Setup, search for App Manager using the Quick Find box and click App Manager.

  6. Locate the Salesforce CMS item, open the list on the right end of the row and select Edit.

  7. Click User Profiles on the left panel, highlight the System Administrator item under the Available Profiles box, and use the arrow buttons to move it to the Selected Profiles box.

  8. Click Save.

  9. Click Back at the top right.

  10. Open the App Launcher and click Salesforce CMS.

  11. Click Create Your First Workspace.

  12. In the Name and Describe Your Workspace step enter a Name for your workspace and click Next.

  13. In the Add Destination step, select your community in the list by clicking on the "+" sign. Click Next.

  14. In the Add Contributors step click Next.

  15. Confirm the information and click Done.

If you want to organize CMS content using Topics, use these steps.

  1. Go to the API Community Manager control panel, click Manage CMS Content, and click Topics.

  2. Select the topics you want to enable to organize CMS content and click Enable for content in the top right.

Enable Salesforce CRM Content

  1. In Setup, search for Salesforce CRM using the Quick Find box and click Salesforce CRM Content.

  2. Click Enable Salesforce CRM Content.

  3. Click Save.

Enable Chatter Tracking for APIs

Chatter tracking enables your community to create discussions on specific objects like APIs.

  1. In Setup, search for Chatter using the Quick Find box and click Feed Tracking.

  2. Click the CommunityAPI object.

  3. Click Enable feed tracking. You do not need to select any fields.

  4. Click Save.

Publish Your Community

  1. In the API Community Manager control panel, click Community Builder.

  2. Click Publish in the top right corner.

  3. In the Publish Your Community dialog, click Publish.

    In a few minutes your community will be published.

  4. Look for an email notification including your community’s public URL.

  5. You can also find your community live URL by opening the API Community Manager control panel and clicking Open Community.

To use a custom domain name, also known as a vanity domain, refer to the Salesforce knowledge article Run your Salesforce Community under a custom domain.

Configure Profiles and Permissions

After you create a community, you must create the different user profiles for your community guests and members, so that you can control access to and visibility of APIs and content.

Configure Member User Access

In this section, you create the profile for members of your community. Users that are signed-in are members.

  1. In Setup, search for Users using the Quick Find box and click Profiles.

  2. Click the Customer Community Plus Login User profile.

  3. Click Clone.

  4. Enter ACM Member User for Profile Name.

  5. Click Save.

Next you need to give permissions to your members' profile so that they can access APIs, create client applications and manage their details.

  1. Click Edit in the ACM Member User profile page.

  2. In the Standard Object Permissions section, enable Read permissions for Documents.

  3. In the Custom Object Permissions section:

    1. Enable Read permissions for CommunityApi.

    2. Enable Read, Edit, Create, and Delete permissions for SelfRegisterUserRequests.

  4. In the External Object Permissions section:

    1. Enable Read permissions for these items.

      1. AnypointApiInstances

      2. AnypointApiTiers

      3. AnypointApiVersionQueries

      4. AnypointApiVersions

    2. Enable Read, Edit, Create and Delete permissions for these items.

      1. AnypointApplications

      2. AnypointContracts

  5. Click Save.

  6. In the ACM Member User profile page, go to the Field-Level Security section.

  7. In the Custom Field-Level Security section, for each of these objects, click View, then Edit, enable the permissions listed, and click Save.

    1. Enable Read permissions for all fields of these objects.

      1. AnypointApiInstances

      2. AnypointApiTiers

      3. AnypointApiVersionQueries

      4. AnypointApiVersion

      5. CommunityApi

    2. Enable Read and Edit permissions for these items.

      1. AnypointApplications

      2. AnypointContracts

      3. SelfRegisterUserRequests

Configure Sharing Settings

  1. In Setup, search for Users using the Quick Find box and click Public Groups.

  2. Click New.

  3. In the Label field, enter [Community Name] Public Group.

  4. In the Search list, select Users.

  5. Use the Add button to move User: [Your Community Name] Site Guest User from the Available Members box to the Selected Members box.

  6. Click Save.

In these steps, use the public group you just created.

  1. In Setup, search for Security using the Quick Find box and click Sharing Settings.

  2. Scroll to the CommunityApi Sharing Rules section near the bottom of the page and click New.

  3. In the Rule Name section, update Label with [Community Name] Guest.

  4. In the Select your rule type section, select Based on criteria.

  5. In the Select which records to be shared section, add these criteria.

    1. Field: Community Name Operator: equals Value: [Community Name]

    2. Field: Visibility Operator: equals Value: Public

  6. In Select the users to share with, enter Share with Public Groups and [Community Name] Public Group.

  7. In Select the level of access for the users, select Read Only.

  8. Click Save.

  9. Switch to Salesforce Classic. Click the user profile menu at top right and click Switch to Salesforce Classic.

  10. Click the plus (+) button at the end of the navigation menu bar.

  11. In the View list, select Content and then click Libraries.

  12. In the Manage Library list on the right, select Asset Library.

  13. In the Members section, select Add Members.

  14. In the Edit Library Membership Wizard, in the Search list select Public Groups and add the public group previously created with the Add button. Click Next.

  15. Assign the Viewer Permission and click Save.

  16. Switch back to the Lightning Experience by clicking Switch to Lightning Experience.

If you ever change the name of your community, be sure to update this setting.

Configure Members in Your Community

  1. In Setup, search for Communities using the Quick Find box and click Communities Settings.

  2. Scroll to Sharing Sets and click New.

  3. In the Sharing Set Edit section, update Label with [Community Name] Sharing Set. Click Save.

  4. In the Select Profiles section, select ACM Member User from Available Profiles and add it to Selected Profiles.

  5. In the Select Objects section, select CommunityApi from Available Objects and add it to Selected Objects.

  6. In the Configure Access section, select Set Up under the Action column.

  7. In the Access Mapping for CommunityApi page enter these values.

    1. Account in the User list.

    2. acm_pkg__Account_c in the Target CommunityApi list.

    3. Read Only in the Access Level list.

  8. Click Update.

  9. Click Save.

Access Mapping for CommunityApi

Configure Guest User Access

  1. In the API Community Manager control panel, open Community Builder and click Settings > General.

  2. Select the Public can access the community check box.

  3. Navigate to the guest user profile link under the Guest user profile section, named [Community Name] Profile.

  4. Click Edit.

  5. In the Standard Object Permissions section, enable Read permissions for Documents.

  6. In the Custom Object Permissions section:

    1. Enable Read permissions for CommunityApi.

    2. Enable Read, Edit, Create, and Delete permissions for SelfRegisterUserRequests.

  7. In the External Object Permissions section, enable Read permissions for these items.

    1. AnypointApiInstances

    2. AnypointApiTiers

    3. AnypointApiVersionQueries

    4. AnypointApiVersions

    5. AnypointApplications

    6. AnypointContracts

  8. Click Save.

  9. Go to the Field-Level Security section in the ACM Member User profile page.

  10. In the Custom Field-Level Security section, for each of these objects, click View, then Edit, enable the permissions listed, and click Save.

    1. Enable Read permissions for all fields of these objects.

      1. AnypointApiInstances

      2. AnypointApiTiers

      3. AnypointApiVersionQueries

      4. AnypointApiVersion

      5. CommunityApi

      6. AnypointApplications

      7. AnypointContracts

    2. Enable Read and Edit permissions for SelfRegisterUserRequests.

  11. Click Save.

Enable Guest User Registration as Members

These steps enable guests to register as members in your API Community Manager portal.

Add Self Register Component to Registration Page

The self-registration Lightning component enables guest users to register themselves as members of your community. If you’re not using any of the templates supplied with API Community Manager, use these steps to add the self-registration Lightning component specific to API Community Manager.

  1. In the API Community Manager control panel, open Community Builder.

  2. In the Pages list in the top left, navigate to the Register page.

  3. Remove the standard Self Registration Lightning component by clicking the delete icon next to it.

  4. Navigate to Components, search for Self Register and add the Lightning component to the page.

Assign a Profile for Your Community Members

  1. In the API Community Manager control panel, open Community Administration and navigate to the Members section in the left panel.

  2. In the Select Profiles section, in the Search list, click All.

  3. Use the Add button to add ACM Member User to the Selected Profiles box.

  4. Click Save.

Do not remove the System Administrator profile from the Selected Profiles section. If you remove the System Administrator profile, you will lose all access to your community.

Create an Account for Your Community

  1. Navigate to App Launcher and click Accounts.

  2. Click New to create a new account.

  3. Enter ACM Registered Users in Account Name.

  4. Click Save.

Configure Your Login and Registration Pages

Refer to Brand and Customize Your API Community to understand how to configure the look and feel of your login and registration pages.

  1. In the API Community Manager control panel, open Community Administration and navigate to the Login & Registration section in the left panel.

  2. Scroll down to the Registration Page Configuration section near the bottom of the page.

    1. Select Allow external users to self-register.

    2. Select Community Builder Page for Registration Page Type and click Register.

    3. Select ACM Member Users in Profile.

    4. Select ACM Registered Users Account in Account.

  3. Click Save.

Set Up an Admin Approval Process for New User Creation

Use these steps to set an optional approval process for self-registered users. The system will then require administrator approval before creating member accounts. If the request is approved, the new user account is created, a welcome email is sent to the new user, and the user sets a password and logs in to the community.

If you don’t configure an approval process, self-registered users will become members automatically when they register.

Create the Approval Process

  1. In Setup, search for Approval Processes in the Quick Find box and click Approval Processes.

  2. In the Manage Approval Processes For list, select Self Register User Request.

  3. In the Create New Approval Process list, select Use Standard Setup Wizard.

  4. In the wizard, enter this information.

    1. In Step 1. Enter Name and Description, set Process Name to Approve Registration.

    2. Click Next.

    3. In Step 2. Specify Entry Criteria, enter this information.

      1. Field: SelfRegisterUserRequest: Approved

      2. Operator: equals

      3. Value: False

    4. Click Next.

    5. In Step 3. Specify Approver Field and Record Editability Properties, in the Record Editability Properties section, select Administrators ONLY can edit records during the approval process.

    6. Click Next.

    7. In Step 4. Select Notification Templates, in the Approval Assignment Email Template section, in the look-up dialog, under the ACM category, select Registration Request.

    8. Click Next.

    9. In Step 5. Select Fields to Display on Approval Page Layout:

      1. Add Self Register User Request Name and Owner to Selected Fields.

      2. Select the Display approval history information in addition to the fields selected above check box.

    10. Click Next.

    11. In Step 6. Specify Initial Submitters, add Self Register User Request Owner to the Allowed Submitters column.

    12. Click Save and continue to the next section.

Create an Approval Step

  1. After you create the approval process in the previous section:

    1. If you are prompted to add an approval step, click Yes, I’d like to create an approval step now and click Go!.

    2. If you are not prompted to add an approval step:

      1. In Setup, search for Approval Processes in the Quick Find box and click Approval Processes.

      2. Click Approve Registration (the approval that you created in the previous section).

      3. In the Approval Steps section, click New Approval Step.

  2. In the Step 1. Enter Name and Description section, enter Step 1 in Name.

  3. Click Next.

  4. In the Step 2. Specify Step Criteria section, click Next.

  5. In the Step 3. Select Assigned Approver section, select Let the submitter choose the approver manually.

  6. Click Save.

Create a Final Approval Action

  1. After you create the Approval Step in the previous section:

    1. If you are prompted to add an Approval Action, click Yes, I’d like to create an approval action for this step now, select Field Update in the list, and click Go!.

    2. If you are not prompted to add an Approval Action:

      1. In Setup, search for Approval Processes in the Quick Find box and click Approval Processes.

      2. On the Self Register User Request: Approve Registration page, navigate to Final Approval Actions and click Add New.

      3. Click Field Update.

  2. In the Field Update Edit section, enter these values.

    1. Name: Create User

    2. Field to update: Approved

    3. Re-evaluate Workflow Rules after Field Change: Select the check box.

    4. Checkbox Options: True.

  3. Click Save.

Activate the Approval Process

  1. On the Approve Registration page, click Activate and confirm.

  2. In the API Community Manager control panel, open Community Builder and click Settings > General.

  3. In Community Builder, navigate to the Register page in the Pages list and select the API Community Manager Self Register Lightning component.

  4. Verify the Approved Registration and set the Approver Id with the User Id of the user you want to approve the registration requests.

To get the User Id:

  1. Navigate to Salesforce Setup.

  2. Search for Users in the Quick Find box and click Users.

  3. Select the user who you want to be the approver.

  4. The ID is contained in the URL of the User detail page you are currently viewing. Remove the first 2 characters and paste the remaining information in the Approver Id field. For example, if the unique ID is 2F0052D000001QpG1, paste 0052D000001QpG1 in the Approver Id field.

Set Up User Impersonation

Impersonation links each community member to an Anypoint user. This connects the Anypoint and community users and their client applications, so that applications are created under the correct user, and actions in audit logs are recorded accurately.

Impersonation uses SAML, and it requires an Identity Provider (IdP) to be configured in both Anypoint Platform and Salesforce organizations. You can use Salesforce as an IdP, as described here.

Configure Salesforce as a SAML Identity Provider

To set up SAML in your Salesforce organization:

  1. In Setup, search for App Manager using the Quick Find box and click App Manager.

  2. Click New Connected App in the top right.

  3. Provide this information in the Basic Information section.

    1. Connected App Name: Anypoint.

    2. Contact Email: Enter your email address.

  4. Provide this information in the Web App Settings section.

    1. Provide the Start URL: https://anypoint.mulesoft.com/accounts/login/<your_anypoint_domain_name> or the location where you want users to be sent in Anypoint Platform. You can find your Anypoint organization domain name by clicking Access Management > Organization and then selecting the root organization.

    2. Select Enable SAML.

    3. Provide any string as Entity Id. This is also the Audience configuration in Anypoint Platform.

    4. Provide https://anypoint.mulesoft.com/accounts/login/receive-id in the ACS URL. SAML assertions are sent to this ACS URL.

    5. Select Enable Single Logout.

    6. Provide Single Logout URL: https://anypoint.mulesoft.com/accounts/logout/receive-id.

    7. Set Single Logout Binding to HTTP Post.

    8. Set Subject Type to Username.

    9. Set Name ID Format to unspecified nameID format.

    10. Set Issuer to salesforce_org_domainname (such as https://[YourOrgDomain].my.salesforce.com).

    11. Set IdP Certificate to Default IdP Certificate.

    12. Click Save.

Set Up Custom Attributes

By default, Salesforce does not send first name and last name attributes of users, so you must add them explicitly.

  1. In your connected app screen, click Manage.

  2. Scroll to Custom Attributes.

  3. Add the first name attribute.

    1. Click New.

    2. Type firstname in the Attribute key field.

    3. Click Insert Field.

    4. Click $User > First Name > Insert > Save.

  4. Add the last name attribute.

    1. Click New.

    2. Type lastname in the Attribute key field.

    3. Click Insert Field.

    4. Click $User > Last Name > Insert > Save.

Configure External Identity in Your Anypoint Organization

In your connected app screen, click Manage. Make a note of the URIs under the SAML Login Information to use them in the Anypoint configuration in these steps.

Also, click Download metadata and retrieve the public key in the <ds:X509Certificate> tag inside the XML file.

  1. Log in to your Anypoint organization.

  2. Navigate to Access Management > External Identity > Identity Management > SAML 2.0.

  3. Set Sign On URL to IdP-Initiated Login URL.

  4. Set Sign Off URL to Single Logout Endpoint.

  5. Set Issuer to match the Salesforce account: salesforce_org_domainname.

  6. Set the Public Key to the public key extracted from the <ds:X509Certificate> tag in the metadata XML you downloaded.

  7. Set Audience to match the Entity Id you set in the Salesforce account.

  8. Click Save.

Configure and Authorize the ODATA Bridge to Perform Impersonation

This step requires a private key or a certificate, and a keystore (JKS) containing that key or certificate. Use the same certificate that Salesforce IDP uses.

  1. In Salesforce Setup, search for Certificate and Key Management using the Quick Find box and click Certificate and Key Management.

  2. Click Export to Keystore in the Certificates section.

  3. Enter a new Password.

  4. Click Export.

  5. Log in to your Anypoint organization.

  6. Go to Access Management > Environments, click Add Environment and provide this information.

    1. Set Environment Name to ACM.

    2. Click Production.

    3. Click Create.

  7. Go to Users and open your user.

    1. Click Secrets Manager.

    2. Set Environment to the newly created environment ACM.

    3. Select all permissions in Permissions.

    4. Click the plus button.

  8. To apply these changes, log out and then log back in.

  9. Go to Secrets Manager and select the ACM environment using the environment switcher.

  10. Click Create Secret Group and enter this information.

    1. Set Name to Certificates.

    2. Click Secret Group Downloadable.

    3. Click Save.

    4. Click Keystore.

    5. Click Add Keystore.

    6. Provide this information.

      1. Name: Enter Impersonation.

      2. Type: Enter the type of your keystore, which is typically JKS.

      3. Keystore File: Choose your keystore file, which is typically the file you exported from Salesforce.

      4. Keystore Passphrase: Enter the exported Keystore.

      5. Alias: Choose the corresponding alias to your key or certificate.

      6. Key Passphrase: Create a new Passphrase.

      7. Click Save.

    7. Click Secret Groups, click Finish on the recently created secret group, and confirm the operation.

For detailed information about creating secret groups and adding certificates, refer to Create a Secret Group (Anypoint Platform).

Mapping Community User to Anypoint Role

  1. In your Anypoint Platform organization, navigate to Access Management and click Roles.

  2. In Exchange Viewers, set a new External group called Community User and save it.

IMPORTANT: If you choose to use another key or certificate for the impersonation feature, you must add this key in the External Identity configuration on Anypoint Platform, as shown in these steps.

  1. In Anypoint Platform, click Access Management > External Identity > Edit.

  2. Add your key in Public Key.

    1. Copy the key with no line breaks.

    2. After the key displayed in the Public Key field, add a comma (,) and then paste in the new key.

    3. Click Save.
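
Both the External Identity steps (taking the public key from the `<ds:X509Certificate>` tag of the downloaded metadata) and the steps above (pasting an additional key with no line breaks, separated by a comma) involve hand-copying a long base64 value, where a stray line break or truncated paste makes the signature check fail. The following is an added example, not MuleSoft or Salesforce code: the function names are hypothetical, and the metadata document and its certificate bytes are constructed, not a real certificate.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Standard SAML 2.0 metadata and XML Signature namespaces.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: placeholder bytes standing in for a DER certificate,
# wrapped across lines the way metadata files usually wrap them.
SAMPLE_CERT_B64 = base64.b64encode(
    b"constructed-sample-bytes-not-a-real-certificate"
).decode()
WRAPPED_CERT = "\n".join(
    SAMPLE_CERT_B64[i:i + 16] for i in range(0, len(SAMPLE_CERT_B64), 16)
)
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://example-org.my.salesforce.com">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
{WRAPPED_CERT}
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def strip_whitespace(value):
    """Remove every space, tab, and line break from a base64 value."""
    return re.sub(r"\s+", "", value)


def extract_idp_settings(metadata_xml):
    """Return the Issuer (entityID) and signing keys from IdP metadata.

    The metadata here is a file you downloaded from your own Salesforce org;
    for XML from an untrusted source, use a hardened parser such as defusedxml.
    """
    root = ET.fromstring(metadata_xml)
    keys = []
    for descriptor in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a "use" attribute applies to signing too.
        if descriptor.get("use", "signing") != "signing":
            continue
        for cert in descriptor.iterfind(".//ds:X509Certificate", NS):
            key = strip_whitespace(cert.text or "")
            # Raises ValueError (binascii.Error) if the value is damaged.
            base64.b64decode(key, validate=True)
            keys.append(key)
    if not keys:
        raise ValueError("no signing certificate found in metadata")
    return {"issuer": root.get("entityID"), "public_keys": keys}


def join_public_keys(current_field, new_key):
    """Build the Public Key field value: keys without line breaks, comma-separated.

    Splitting on "," is safe because the base64 alphabet contains no comma.
    """
    keys = [strip_whitespace(k) for k in current_field.split(",")]
    keys = [k for k in keys if k]
    new_key = strip_whitespace(new_key)
    base64.b64decode(new_key, validate=True)
    if new_key not in keys:
        keys.append(new_key)
    return ",".join(keys)


if __name__ == "__main__":
    settings = extract_idp_settings(SAMPLE_METADATA)
    print("Issuer:", settings["issuer"])
    print("Public Key:", settings["public_keys"][0])
```
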

Re-authenticate the External Data Source

Re-authenticate the External Data Source as described in Create and Authenticate the External Data Source.

Additional Configuration for EU Hosted Organizations

If your Anypoint Platform organization is hosted in the EU, perform these additional configuration steps to enable access to the EU instance of the Anypoint Management Plane.

  • Remote site settings: Add the new site AnypointEu with the URL https://eu1.anypoint.mulesoft.com.

  • CSP trusted sites: Add these sites.

    • https://eu1.anypoint.mulesoft.com

    • https://exchange2-file-upload-service-kprod-eu.s3.eu-central-1.amazonaws.com

    • https://exchange2-asset-manager-kprod-eu.s3.amazonaws.com
