
Configure ACM

Follow these steps to configure API Community Manager (ACM).

Installing, updating or configuring ACM must be done by a user account with the System Administrator profile in the ACM Salesforce organization.
If your Anypoint Platform organization is hosted in the EU region, you must replace all occurrences of the anypoint.mulesoft.com domain with eu1.anypoint.mulesoft.com in all the steps in this section.

Create and Authenticate the External Data Source

The external data source specifies how ACM components and data objects interact securely with your MuleSoft Anypoint organization.

Create a Connected App

You can perform this step either with the user interface or with an API call.

Create a Connected App with the User Interface

To create a connected app with the user interface, in Anypoint Platform, navigate to Access Management > Applications > Create New Application, and provide the following information:

  1. Application Name: Enter a name.

  2. Redirect URIs: This URL can be found in the Authentication Provider configuration. Navigate to Salesforce Setup > Auth. Providers > Anypoint > Callback URL.

  3. User Grant Types

    1. Authorization Code: Checked.

    2. Refresh Token: Checked.

    3. Full Access: Checked.

    4. Background Access: Checked.

  4. Select Create Application.

Create a Connected App with an API Call

To create a connected app with an API call, follow this example using cURL.

Get an authorization token from the platform:

    curl --silent https://anypoint.mulesoft.com/accounts/login -XPOST \
      -d 'username=<anypoint username>&password=<anypoint password>'

This returns a response like this:

    {
      "access_token": "5242XXXX-XXXX-XXXX-XXXX-XXXXXXXXfec7",
      "token_type": "bearer",
      "redirectUrl": "/home/"
    }

Note the access_token value.

Use the next cURL example to register an external client in Anypoint for OpenID authentication.

Replace the access token in the authorization header with the access_token value.

Replace [YourOrgDomain] with your Salesforce organization domain name. Find the domain name by logging in to your Salesforce organization, selecting Setup, and selecting the section My Domain.

    curl -X POST \
      https://anypoint.mulesoft.com/accounts/api/connectedApplications \
      -H 'Accept: */*' \
      -H 'Accept-Encoding: gzip, deflate' \
      -H 'Authorization: Bearer 5242XXXX-XXXX-XXXX-XXXX-XXXXXXXXfec7' \
      -H 'Content-Type: application/json' \
      -H 'Host:anypoint.mulesoft.com' \
      -d '{"client_name":"SalesforceApp","grant_types":["authorization_code","refresh_token"],"redirect_uris":["https://[YourOrgDomain].my.salesforce.com/services/authcallback/Anypoint"],"scopes":["full","offline_access"],"public_keys":[]}'

The cURL command will return a response like this:

    {
      "client_id": "5fafXXXXXXXXXXXXXXXXXXXXXXXX29c9",
      "client_secret": "9509XXXXXXXXXXXXXXXXXXXXXXXXC10E",
      "client_name": "ACM Integration Client",
      "redirect_uris": [
        "https://[YourOrgDomain].my.salesforce.com/services/authcallback/Anypoint"
      ],
      "grant_types": [
        "authorization_code",
        "refresh_token"
      ],
      "public_keys": [],
      "scopes": [
        "offline_access",
        "full"
      ],
      "enabled": true,
      "owner_org_id": "f377XXXX-XXXX-XXXX-XXXX-XXXXXXXX9d08",
      "as_id": "anypoint"
    }

Note the client_id and client_secret values.
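The two cURL calls above place the Anypoint password and the bearer token on the command line, where shell history and the process list can expose them, and print the client_secret to the terminal. The script below is an added example, not MuleSoft's code: it makes the same two requests but passes the password and token to curl on stdin, checks the stored callback URL, and keeps the response in a file created with a restrictive umask. The function names, ANYPOINT_HOST, SECRET_FILE and the --register switch are assumptions of this example, and `-H @-` needs curl 7.55 or later.

```sh
#!/bin/sh
# Added example, not MuleSoft's code. Function names, ANYPOINT_HOST,
# SECRET_FILE and the --register switch are assumptions of this example.
ANYPOINT_HOST="${ANYPOINT_HOST:-anypoint.mulesoft.com}"  # EU: eu1.anypoint.mulesoft.com
SECRET_FILE="${SECRET_FILE:-./acm-connected-app.json}"

# Accept only a bare My Domain label (letters, digits, inner hyphens) so the
# value cannot break out of the JSON string or change the callback host.
valid_org_domain() {
  case "$1" in
    ''|*[!A-Za-z0-9-]*|-*|*-) return 1 ;;
  esac
  return 0
}

# Registration body from the page's example, with the callback URL filled in.
build_payload() {
  valid_org_domain "$1" || return 1
  printf '{"client_name":"SalesforceApp","grant_types":["authorization_code","refresh_token"],"redirect_uris":["https://%s.my.salesforce.com/services/authcallback/Anypoint"],"scopes":["full","offline_access"],"public_keys":[]}' "$1"
}

# Read one flat string field from JSON on stdin. Assumes the value contains
# no escaped quotes, which holds for the token and client fields shown above.
json_field() {
  tr -d '\n' | sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Log in. The password is prompted for without echo and reaches curl on
# stdin (password@-), so it never appears in argv or shell history.
get_token() {
  printf 'Anypoint username: ' >&2; read -r user
  printf 'Anypoint password: ' >&2
  stty -echo; read -r pass; stty echo; printf '\n' >&2
  printf '%s' "$pass" |
    curl --silent --fail --data-urlencode "username=$user" \
         --data-urlencode 'password@-' "https://$ANYPOINT_HOST/accounts/login" |
    json_field access_token
}

# Register the connected app. $1 = access token, $2 = Salesforce org domain.
# The Authorization header is read from stdin (-H @-); the response, which
# contains client_secret, goes to a file created under umask 077.
register_app() {
  body=$(build_payload "$2") || { echo "invalid org domain" >&2; return 1; }
  (
    umask 077
    printf 'Authorization: Bearer %s\n' "$1" |
      curl --silent --fail -X POST -H @- -H 'Content-Type: application/json' \
           -d "$body" "https://$ANYPOINT_HOST/accounts/api/connectedApplications" \
           > "$SECRET_FILE"
  )
}

# Confirm Anypoint stored exactly the callback URL that was requested and no
# other. $1 = response file, $2 = Salesforce org domain.
response_matches() {
  want="https://$2.my.salesforce.com/services/authcallback/Anypoint"
  uris=$(tr -d ' \n' < "$1" | sed -n 's/.*"redirect_uris":\[\([^]]*\)].*/\1/p')
  [ "$uris" = "\"$want\"" ]
}

# Usage: sh register-acm-app.sh --register <YourOrgDomain>
if [ "${1:-}" = "--register" ]; then
  token=$(get_token)
  [ -n "$token" ] || { echo "login failed" >&2; exit 1; }
  register_app "$token" "${2:-}" || { echo "registration failed" >&2; exit 1; }
  response_matches "$SECRET_FILE" "$2" || { echo "unexpected redirect_uris" >&2; exit 1; }
  echo "client_id: $(json_field client_id < "$SECRET_FILE")"
  echo "client_secret left in $SECRET_FILE"
fi
```

Copy the client_id and client_secret from the file into the Salesforce authentication provider, then delete the file.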

Create Your Authentication Provider

If your Anypoint Platform organization is hosted in the EU, change https://anypoint.mulesoft.com to https://eu1.anypoint.mulesoft.com.

  1. In Setup, search for Auth. Providers using the Quick Find box and select Auth. Providers > New.

  2. In Provider type select Open ID Connect.

  3. Set the Name to Anypoint.

  4. Set the Consumer Key to the application ID of the Connected App created in Anypoint.

  5. Set the Consumer Secret to the application secret of the Connected App created in Anypoint.

  6. Set the Authorize Endpoint URL to https://anypoint.mulesoft.com/accounts/api/v2/oauth2/authorize .

  7. Set the Token Endpoint URL to https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token .

  8. Set the Default Scopes to full offline_access.

  9. Select Save.

Remember to associate the external data source with this authentication provider.

Authorize and Authenticate Your External Data Source

  1. Search for External Data Source in the Quick Find box and then select External Data Sources.

  2. Locate the Exchange item and then select Edit.

  3. Update Identity Type to Named Principal.

  4. Update Authentication Protocol to OAuth 2.0.

  5. Update Authentication Provider to Anypoint.

  6. Select Save.

  7. If you don’t have an active session in your Anypoint Platform organization, the Anypoint Login page is shown. Log in to the Anypoint Platform to complete the authentication. If you already have an active session, authentication is performed without requiring a login.

  8. Verify the Exchange External Data Sources Authentication Status is Authenticated.

After authenticating the External Data Source, provide the credentials of an Anypoint Platform system user with read-only access, for components like the API Console which retrieve data directly from the Anypoint Platform APIs:

  1. Search for Named Credentials in the Quick Find box and then select Named Credentials.

  2. Locate the anypoint.mulesoft item and then select Edit.

  3. In the Authentication section, enter the Anypoint username and password in the Username and Password fields, respectively, for a system user with read-only privileges in your Anypoint Platform organization.

  4. Select Save.

Enable ACM Control Panel

The ACM Control Panel is the interface your community administrators and operators will use to operate your communities. It is available in the App Launcher where it is the first icon displayed in the main navigation bar. To ensure it is available for admin users:

  1. In Setup, search for App Manager using the Quick Find box and select App Manager.

  2. Locate the API Community Manager item, open the drop down menu on the right end of the row and select Edit.

  3. Select Navigation Items on the left panel, highlight the ACM Administrator item under the Available Items box, and use the arrow buttons to move it to the Selected Items box. Select Save.

  4. Select Back at the top right.

  5. Log out and log back in to your Salesforce organization.

  6. Open the App Launcher and select API Community Manager.

  7. Verify that the ACM Control Panel is displayed correctly. In the Application Launcher, open ACM Administrator. If you see a message that you have not created a community, the actions in this step were done correctly.

Update Your User Role and Permissions

  1. In Setup, search for Users using the Quick Find box and select Users.

  2. Locate your username and select Edit.

  3. Set the Role for your account. This can be any role from the list, but cannot be none. If you don’t see any roles in the dropdown list, refer to the Salesforce knowledge article Add roles to the role hierarchy for instructions to create a role in your organization.

  4. Select Salesforce CRM Content User.

  5. Select Save.

Communities Configuration

Create a Community

  1. If you are not familiar with Communities, refer to the Salesforce Communities Overview.

  2. Navigate to Setup.

  3. In the Quick Find box, enter All Communities and then select All Communities.

  4. Select New Community. All communities templates are listed.

  5. Choose any of the API Community Manager Templates if you want to get started from an example, any of the other available templates, or Build your own if you want to design your community from scratch with full control of the structure and look and feel.

  6. On the desired template page, select Get Started.

  7. Enter a Name and an optional URL suffix for your community.

  8. Select Create. The configuration process will take a few minutes.

  9. When the configuration process finishes, you’ll see your new community workspace. Select Install AppExchange Package on the top banner to install the pre-defined metrics and dashboards, and follow the installation wizard instructions. Be sure to install this package in your production organization when prompted by the wizard. You may need to re-enter your login credentials to complete the installation of this package.

  10. In the Application Launcher navigate to ACM Administrator, select Community Administration, select the Settings section, and select Activate Community.

Customize Your Community

Enable Forums

  1. In the Application Launcher navigate to ACM Administrator, select Community Administration, and select Preferences in the left panel.

  2. Select Show all settings in Workspaces.

  3. Select Save so this setting is reflected.

  4. Select Allow discussion threads.

  5. Select Save.

  6. Go back to the ACM Control Panel, and select Manage CMS Content.

  7. Select the Topics tab.

  8. Select Navigational Topics.

  9. Create as many topics as you need for your community forums and select Save.

Define Moderation Rules for Forums

By default discussion forums are not moderated, so any member can create posts with any content and the posts become visible for other members immediately. If you want to define a basic "review/approve-all" moderation model, follow the steps below:

  1. In the ACM Control Panel, select Manage Forums and select Rules.

  2. Select New and create a Content Rule.

  3. Enter a Name and a Unique Name in the Details section and select Activate Rule.

  4. In the Rule Conditions section, select Post and Comment, and select Review in Moderation Action.

  5. In the Criteria section, move all items in Member Criteria from the Available Criteria box to the Selected Criteria box.

  6. Select Save.

Forum Moderation Rule
Verify the Activate Rule check box is active when saving your changes.

You can define much more advanced moderation and review rules. You can find more information in the Salesforce Community Cloud documentation about forum moderation rules.

Enable Salesforce CMS

  1. In Setup, search for Salesforce Files using the Quick Find box and select General Settings.

  2. Select Edit.

  3. Select Libraries in Salesforce Files.

  4. Select Save.

  5. In Setup, search for App Manager using the Quick Find box and select App Manager.

  6. Locate the Salesforce CMS item, open the drop down menu on the right end of the row and select Edit.

  7. Select User Profiles on the left panel, highlight the System Administrator item under the Available Profiles box, and use the arrow buttons to move it to the Selected Profiles box.

  8. Select Save.

  9. Click Back at the top right.

  10. Open the App Launcher and select Salesforce CMS.

  11. Select Create Your First Workspace.

  12. In the Name and Describe Your Workspace step enter a Name for your workspace and select Next.

  13. In the Add Destination step, select your community in the list by clicking on the "+" sign. Select Next.

  14. In the Add Contributors step select Next.

  15. Confirm the information and select Done.

If you want to organize CMS content using Topics:

  1. Go to ACM Control Panel, select Manage CMS Content, and select Topics.

  2. Select the topics you want to enable to organize CMS content and select Enable for content in the top right.

Enable Salesforce CRM Content

  1. In Setup, search for Salesforce CRM using the Quick Find box and select Salesforce CRM Content.

  2. Select Enable Salesforce CRM Content.

  3. Select Save.

Enable Chatter Tracking for APIs

Chatter tracking allows creating discussions on specific objects like APIs. To use Chatter tracking for APIs:

  1. In Setup, search for Chatter using the Quick Find box and select Feed Tracking.

  2. Select the CommunityAPI object.

  3. Select Enable feed tracking. You do not need to select any fields.

  4. Select Save.

Publish Your Community

  1. In the ACM Control Panel, select Community Builder.

  2. Select Publish on the top right corner, and select Publish in the Publish Your Community dialog.

  3. In a few minutes your community will be published, and you will receive an email notification including your community’s public URL. You can also find your community live URL by opening the ACM Control Panel and selecting Open Community.

To use a custom domain name, also known as a vanity domain, refer to the Salesforce knowledge article Run your Salesforce Community under a custom domain.

Configure Profiles and Permissions

After you create a community, you must create the different user profiles for your community guests and members, so that you can control access to and visibility of APIs and content.

Configure Member User Access

In this section, you create the profile for members of your community. Users that are signed-in are members.

  1. In Setup, search for Users using the Quick Find box and select Profiles.

  2. Select the Customer Community Plus Login User profile.

  3. Select Clone.

  4. Enter ACM Member User for Profile Name.

  5. Select Save.

Next you need to give permissions to your members' profile so that they can access APIs, create client applications and manage their details. To do this:

  1. Select Edit in the ACM Member User profile page.

  2. In the Standard Object Permissions section:

    1. Enable Read permissions for:

      1. Documents

  3. In the Custom Object Permissions section:

    1. Enable Read permissions for:

      1. CommunityApi

    2. Enable Read, Edit, Create and Delete permissions for:

      1. SelfRegisterUserRequests

  4. In the External Object Permissions section:

    1. Enable Read permissions for:

      1. AnypointApiInstances

      2. AnypointApiTiers

      3. AnypointApiVersionQueries

      4. AnypointApiVersions

    2. Enable Read, Edit, Create and Delete permissions for:

      1. AnypointApplications

      2. AnypointContracts

  5. Select Save.

  6. Go to the Field-Level Security section in the ACM Member User profile page.

  7. In the Custom Field-Level Security section, for each of the following objects, select View, then Edit, enable the corresponding permissions as follows, and select Save on each:

    1. Enable Read permissions for all fields of the objects:

      1. AnypointApiInstances

      2. AnypointApiTiers

      3. AnypointApiVersionQueries

      4. AnypointApiVersion

      5. CommunityApi

    2. Enable Read and Edit permissions for:

      1. AnypointApplications

      2. AnypointContracts

      3. SelfRegisterUserRequests

Configure Sharing Settings

  1. In Setup, search for Users using the Quick Find box and select Public Groups.

  2. Select New.

  3. In the Label field, enter [Community Name] Public Group.

  4. In the Search dropdown, select Users.

  5. Use the Add button to move User: [Your Community Name] Site Guest User from the Available Members box to the Selected Members box.

  6. Select Save.

In the following steps you will use the public group that you’ve just created.

  1. In Setup, search for Security using the Quick Find box and select Sharing Settings.

  2. Scroll to the CommunityApi Sharing Rules section near the bottom of the page and select New.

  3. In the Rule Name section, update Label with [Community Name] Guest.

  4. In the Select your rule type section, select Based on criteria.

  5. In the Select which records to be shared section, add the following criteria:

    1. Field: Community Name Operator: equals Value: [Community Name]

    2. Field: Visibility Operator: equals Value: Public

  6. In Select the users to share with: enter Share with: Public Groups and [Community Name] Public Group.

  7. In Select the level of access for the users, select Read Only.

  8. Select Save.

  9. Switch to Salesforce Classic. Select the user profile menu at top right and select Switch to Salesforce Classic.

  10. Select the plus (+) button at the end of the navigation menu bar.

  11. In the View dropdown, select Content and then select Libraries.

  12. In the Manage Library dropdown on the right, select Asset Library.

  13. In the Members section, select Add Members.

  14. In the Edit Library Membership Wizard, select Public Groups from the Search drop-down and add the public group previously created with the Add button. Select Next.

  15. Assign the Viewer Permission and select Save.

  16. Switch back to the Lightning Experience by selecting Switch to Lightning Experience.

If you ever change the name of your community, be sure to update this setting.

Configure Members in Your Community

  1. In Setup, search for Communities using the Quick Find box and select Communities Settings.

  2. Scroll to Sharing Sets and select New.

  3. In the Sharing Set Edit section, update Label with [Community Name] Sharing Set. Select Save.

  4. In the Select Profiles section, select ACM Member User from Available Profiles and add it to Selected Profiles.

  5. In the Select Objects section, select CommunityApi from Available Objects and add it to Selected Objects.

  6. In the Configure Access section, select Set Up under the Action column.

  7. In the Access Mapping for CommunityApi page enter:

    1. Account in the User dropdown.

    2. acm_pkg__Account_c in the Target CommunityApi dropdown.

    3. Read Only in the Access Level dropdown.

  8. Select Update.

  9. Select Save.

Access Mapping for CommunityApi

Configure Guest User Access

  1. In the ACM Control Panel, open Community Builder, and select Settings > General.

  2. Select the Public can access the community check box.

  3. Navigate to the guest user profile link under the Guest user profile section, named [Community Name] Profile.

  4. Select Edit.

  5. In the Standard Object Permissions section:

    1. Enable Read permissions for:

      1. Documents

  6. In the Custom Object Permissions section:

    1. Enable Read permissions for:

      1. CommunityApi

    2. Enable Read, Edit, Create and Delete permissions for:

      1. SelfRegisterUserRequests

  7. In the External Object Permissions section:

    1. Enable Read permissions for:

      1. AnypointApiInstances

      2. AnypointApiTiers

      3. AnypointApiVersionQueries

      4. AnypointApiVersions

      5. AnypointApplications

      6. AnypointContracts

  8. Select Save.

  9. Go to the Field-Level Security section in the ACM Member User profile page.

  10. In the Custom Field-Level Security section, for each of the following objects, select View, then Edit, enable the corresponding permissions as follows, and select Save on each:

    1. Enable Read permissions for all fields of the objects:

      1. AnypointApiInstances

      2. AnypointApiTiers

      3. AnypointApiVersionQueries

      4. AnypointApiVersion

      5. CommunityApi

      6. AnypointApplications

      7. AnypointContracts

    2. Enable Read and Edit permissions for:

      1. SelfRegisterUserRequests

Enable Guest User Registration as Members

Add Self Register Component to Registration Page

The self-register component allows guest users to self-register in your community to become members. If you’re not using any of the ACM out-of-the-box templates, follow these steps to use the ACM-specific self-registration component.

  1. In the ACM Control Panel, open Community Builder and navigate to the Register page in the Pages menu on the top left.

  2. Remove the standard Self Registration component by selecting the delete icon next to it.

  3. Navigate to Components, search for Self Register and add the component to the page.

Assign a Profile for Your Community Members

  1. In the ACM Control Panel, open Community Administration and navigate to the Members section on the left panel.

  2. In the Select Profiles section, Select All in the Search drop-down.

  3. Use the Add button to add ACM Member User to the Selected Profiles box.

  4. Select Save.

Do not remove the System Administrator profile from the Selected Profiles section. If you remove the System Administrator profile, you will lose all access to your community.

Create an Account for Your Community

  1. Navigate to App Launcher and select Accounts.

  2. Select New to create a new account.

  3. Enter ACM Registered Users in Account Name.

  4. Select Save.

Configure Your Login and Registration Pages

Refer to Brand and Customize Your API Community to understand how to configure the look and feel of your login and registration pages.

  1. In the ACM Control Panel, open Community Administration and navigate to the Login & Registration section on the left panel.

  2. Scroll down to the Registration Page Configuration section near the bottom of the page:

    1. Select Allow external users to self-register.

    2. Select Community Builder Page for Registration Page Type and select Register.

    3. Select ACM Member Users in Profile.

    4. Select ACM Registered Users Account in Account.

  3. Select Save.

Set Up an Admin Approval Process for New User Creation

Follow these steps to set an optional approval process for self-registered users. The system will then require administrator approval before creating member accounts. If the request is approved, the new user account is created, a welcome email is sent to the new user, and the user sets a password and logs in to the community.

If you don’t configure an approval process, self-registered users will become members automatically when they register.

Create the Approval Process

  1. In Setup, search for Approval Processes in the Quick Find box and select Approval Processes.

  2. Select Self Register User Request in the Manage Approval Processes For: drop-down.

  3. Select Use Standard Setup Wizard in the Create New Approval Process drop-down.

  4. In the wizard, enter the following information:

    1. In Step 1. Enter Name and Description, enter the following information:

      1. Process Name: Approve Registration.

    2. Select Next.

    3. In Step 2. Specify Entry Criteria, enter the following information:

      1. Field: SelfRegisterUserRequest: Approved

      2. Operator: equals

      3. Value: False

    4. Select Next.

    5. In Step 3. Specify Approver Field and Record Editability Properties:

      1. In the Record Editability Properties section select Administrators ONLY can edit records during the approval process.

    6. Select Next.

    7. In Step 4. Select Notification Templates:

      1. Select Registration Request in the Approval Assignment Email Template section, under the ACM category in the look-up dialog.

    8. Select Next.

    9. In Step 5. Select Fields to Display on Approval Page Layout:

      1. Add Self Register User Request Name and Owner to Selected Fields.

      2. Select the Display approval history information in addition to the fields selected above check box.

    10. Select Next.

    11. In Step 6. Specify Initial Submitters:

      1. Add Self Register User Request Owner to the Allowed Submitters column.

    12. Select Save and continue to the next section.

Create an Approval Step

  1. After you create the approval process in the previous section:

    1. If you are prompted to add an approval step, select Yes, I’d like to create an approval step now and select Go!.

    2. If you are not prompted to add an approval step:

      1. In Setup, search for Approval Processes in the Quick Find box and select Approval Processes.

      2. Select Approve Registration (the approval that you created in the previous section).

      3. In the Approval Steps section, select New Approval Step.

  2. In the Step 1. Enter Name and Description section:

    1. Enter Step 1 in Name.

  3. Select Next.

  4. In the Step 2. Specify Step Criteria section, select Next.

  5. In the Step 3. Select Assigned Approver section:

    1. Select Let the submitter choose the approver manually.

  6. Select Save.

Create a Final Approval Action

  1. After you create the Approval Step in the previous section:

    1. If you are prompted to add an Approval Action, select Yes, I’d like to create an approval action for this step now, select Field Update in the dropdown, and select Go!.

    2. If you are not prompted to add an Approval Action:

      1. In Setup, search for Approval Processes in the Quick Find box and select Approval Processes.

      2. On the Self Register User Request: Approve Registration page, navigate to Final Approval Actions and select Add New.

      3. Select Field Update.

  2. In the Field Update Edit section, enter the following values:

    1. Name: Create User

    2. Field to update: Approved

    3. Re-evaluate Workflow Rules after Field Change: Select the check box.

    4. Checkbox Options: True.

  3. Select Save.

Activate the Approval Process

  1. On the Approve Registration page, select Activate and confirm.

  2. In the ACM Control Panel, open Community Builder, and select Settings > General.

  3. In the Community Builder, navigate to the Register page in the pages menu and select the ACM Self Register component.

  4. Verify the Approved Registration and set the Approver Id to the User Id of the user you want to approve the registration requests.

To get the User Id:

  1. Navigate to Salesforce Setup.

  2. Search for Users in the Quick Find box and select Users.

  3. Select the user who you want to be the approver.

  4. The ID is contained in the URL of the User detail page you are currently viewing. Remove the first 2 characters and paste the remaining information in the Approver Id field. For example, if the unique ID is 2F0052D000001QpG1, paste 0052D000001QpG1 in the Approver Id field.

Set Up User Impersonation

Impersonation links each community member to an Anypoint user. This connects the Anypoint and community users and their client applications, so that applications are created under the correct user, and actions in audit logs are recorded accurately.

Impersonation uses SAML, and it requires an Identity Provider (IdP) to be configured in both Anypoint Platform and Salesforce organizations. You can use Salesforce as an IdP, as described in the following sections.

Configure Salesforce as a SAML Identity Provider

To set up SAML in your Salesforce organization:

  1. In Setup, search for App Manager using the Quick Find box and select App Manager.

  2. Select New Connected App in the top right.

  3. Provide the following information in the Basic Information section:

    1. Connected App Name: Anypoint.

    2. Contact Email: Enter your email address.

  4. Provide the following information in the Web App Settings section:

    1. Provide the Start URL: https://anypoint.mulesoft.com/accounts/login/<your_anypoint_domain_name> or the location where you want users to be sent in the Anypoint Platform. You can find your Anypoint organization domain name by selecting Access Management > Organization and then selecting the root organization.

    2. Select Enable SAML.

    3. Provide any string as Entity Id. This is also the Audience configuration in the Anypoint Platform.

    4. Provide https://anypoint.mulesoft.com/accounts/login/receive-id in the ACS URL. SAML assertions are sent to this ACS URL.

    5. Select Enable Single Logout.

    6. Provide Single Logout URL: https://anypoint.mulesoft.com/accounts/logout/receive-id.

    7. Set Single Logout Binding to HTTP Post.

    8. Set Subject Type to Username.

    9. Set Name ID Format to unspecified nameID format.

    10. Set Issuer to salesforce_org_domainname (such as https://[YourOrgDomain].my.salesforce.com).

    11. Set IdP Certificate to Default IdP Certificate.

    12. Select Save.

Set Up Custom Attributes

By default, Salesforce does not send first name and last name attributes of users, so you must add them explicitly. To do this:

  1. In your connected app screen, select Manage.

  2. Scroll to Custom Attributes.

  3. Add the first name attribute:

    1. Select New.

    2. Type firstname in the Attribute key field.

    3. Select Insert Field.

    4. Select $User > First Name > Insert > Save.

  4. Add the last name attribute:

    1. Select New.

    2. Type lastname in the Attribute key field.

    3. Click Insert Field.

    4. Select $User > Last Name > Insert > Save.

Configure External Identity in Your Anypoint Organization

In your connected app screen, select Manage. Make a note of the URIs under the SAML Login Information to use them in the Anypoint configuration in the following steps.

Also, select Download metadata and retrieve the public key in the <ds:X509Certificate> tag inside the XML file.

  1. Log in to your Anypoint organization.

  2. Navigate to Access Management > External Identity > Identity Management > SAML 2.0.

  3. Set Sign On URL to IdP-Initiated Login URL.

  4. Set Sign Off URL to Single Logout Endpoint.

  5. Set Issuer to match the Salesforce account: salesforce_org_domainname.

  6. Set the Public Key to the public key extracted from the <ds:X509Certificate> tag in the metadata XML you downloaded.

  7. Set Audience to match the Entity Id you set in the Salesforce account.

  8. Select Save.

Configure and Authorize the ODATA Bridge to Perform Impersonation

This step requires a private key or a certificate, and a keystore (JKS) containing that key or certificate. Use the same certificate that Salesforce IDP uses.

  1. In Salesforce Setup, search for Certificate and Key Management using the Quick Find box and select Certificate and Key Management.

  2. Select Export to Keystore in the Certificates section.

  3. Enter a new Password.

  4. Select Export.

  5. Log in to your Anypoint organization.

  6. Go to Access Management > Environments, select Add Environment and provide the following information:

    1. Set Environment Name to ACM.

    2. Select Production.

    3. Select Create.

  7. Go to Users and open your user.

    1. Select Secrets Manager.

    2. Set Environment to the newly created environment: ACM.

    3. Select all permissions in Permissions.

    4. Select the plus button.

  8. To apply these changes, log out and then log back in.

  9. Go to Secrets Manager and select the ACM environment using the environment switcher. Select Create Secret Group and enter the following information:

    1. Set Name to Certificates.

    2. Select Secret Group Downloadable.

    3. Select Save.

    4. Select Keystore.

    5. Select Add Keystore.

    6. Provide the following information:

      1. Name: Enter Impersonation.

      2. Type: Enter the type of your keystore, which is typically JKS.

      3. Keystore File: Choose your keystore file, which is typically the file you exported from Salesforce.

      4. Keystore Passphrase: Enter the exported Keystore.

      5. Alias: Choose the corresponding alias to your key or certificate.

      6. Key Passphrase: Create a new Passphrase.

      7. Select Save.

    7. Select Secret Groups.

      1. Select Finish on the recently created secret group and confirm the operation.

For detailed information about creating secret groups and adding certificates, refer to Create a Secret Group (Anypoint Platform).

Mapping Community User to Anypoint Role

  1. In your Anypoint Platform organization, navigate to Access Management and select Roles.

  2. In Exchange Viewers, set a new External group called Community User and save it.

IMPORTANT: If you choose to use another key or certificate for the impersonation feature, you must add this key in the External Identity configuration on Anypoint, as shown in the following steps:

  1. In Anypoint, select Access Management > External Identity > Edit.

  2. Add your key in Public Key:

    1. Copy the key with no line breaks.

    2. After the key displayed in the Public Key field, add a comma (,) and then paste in the new key.

    3. Select Save.
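Both the External Identity step (the public key taken from the <ds:X509Certificate> tag) and the step above (a further key pasted with no line breaks after a comma) need a certificate reduced to a single base64 line. The helper below is an added example, not MuleSoft's or Salesforce's code: it extracts the certificate from the downloaded metadata, refuses a file with more than one certificate, prints a SHA-256 fingerprint to compare against the certificate you exported, and builds the comma-separated field value. Function names are assumptions, and it relies on GNU coreutils (base64, sha256sum).

```sh
#!/bin/sh
# Added example, not MuleSoft's or Salesforce's code. Function names are
# assumptions; the input file is the SAML metadata downloaded from the
# Salesforce connected app.

# True when the argument is non-empty and uses only the base64 alphabet.
is_base64() {
  case "$1" in
    ''|*[!A-Za-z0-9+/=]*) return 1 ;;
  esac
  return 0
}

# Print the <ds:X509Certificate> body as one line with no whitespace.
# Fails unless the metadata holds exactly one certificate element, so a
# file with several keys is never silently reduced to one of them.
extract_idp_cert() {
  flat=$(tr -d ' \t\r\n' < "$1")
  count=$(printf '%s' "$flat" | grep -o '<ds:X509Certificate>' | wc -l)
  [ "$count" -eq 1 ] || { echo "expected 1 certificate, found $count" >&2; return 1; }
  cert=$(printf '%s' "$flat" |
    sed -n 's/.*<ds:X509Certificate>\([^<]*\)<\/ds:X509Certificate>.*/\1/p')
  is_base64 "$cert" || { echo "certificate body is not base64" >&2; return 1; }
  printf '%s\n' "$cert"
}

# Same normalisation for a key or certificate that arrives as a PEM file:
# drop the BEGIN/END lines and every line break.
pem_to_one_line() {
  key=$(grep -v '^-----' "$1" | tr -d ' \t\r\n')
  is_base64 "$key" || return 1
  printf '%s\n' "$key"
}

# SHA-256 over the decoded DER bytes, for an out-of-band comparison with
# the certificate exported from Salesforce.
cert_sha256() {
  printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1
}

# Value for the Public Key field when adding a second key: the existing
# value, a comma, then the new key. Returns the existing value unchanged
# if the key is already listed. $1 = current field value, $2 = new key.
append_public_key() {
  is_base64 "$2" || return 1
  case ",$1," in
    *",$2,"*) printf '%s\n' "$1"; return 0 ;;
  esac
  printf '%s,%s\n' "$1" "$2"
}

# Usage: sh idp-cert.sh metadata.xml
if [ -n "${1:-}" ]; then
  cert=$(extract_idp_cert "$1") || exit 1
  echo "Public Key field: $cert"
  echo "SHA-256 (DER):    $(cert_sha256 "$cert")"
fi
```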

Re-authenticate the External Data Source

Re-authenticate the External Data Source as described in Create and Authenticate the External Data Source.

Additional Configuration for EU Hosted Organizations

If your Anypoint Platform organization is hosted in the EU, perform the following additional configuration steps to enable access to the EU instance of the Anypoint Management Plane.

  • Remote site settings: Add the new site AnypointEu with the URL https://eu1.anypoint.mulesoft.com.

  • CSP trusted sites: Add the following sites:

    • https://eu1.anypoint.mulesoft.com

    • https://exchange2-file-upload-service-kprod-eu.s3.eu-central-1.amazonaws.com

    • https://exchange2-asset-manager-kprod-eu.s3.amazonaws.com