Installation Prerequisites
To install Anypoint API Community Manager, you must follow these prerequisite steps.
Enable Digital Experiences
Follow the steps in Enable Digital Experiences to enable digital experiences inside your Salesforce organization.
Set Salesforce Admin Role
Installing, updating, or configuring Anypoint API Community Manager must be done by a user account with the System Administrator profile in the API Community Manager Salesforce organization. You must set permissions and a role for your Salesforce API Community Manager organization administrator user:
-
Log in to your Salesforce organization.
-
In Setup, use the Quick Find box to find and click Users.
-
Locate your username and click Edit.
-
Set the role for your account by selecting from the Role list.
This can be any role from the list, but cannot be none.
If you don’t see any roles in the list, refer to the Salesforce knowledge article Add roles to the role hierarchy for instructions to create a role in your organization.
If you create a role, enter a role name such as
Salesforce_ACM_org_admin_user
. -
Enable the option Salesforce CRM Content User.
-
Click Save.
Add the Monitoring Viewer Permission
Add the Monitoring Viewer permission to view metrics for applications on the My Applications details page:
-
Log in to Anypoint Platform and go to Access Management.
-
Select Teams and select Community Users.
-
Select the Permissions tab and click Add permissions.
-
Select Anypoint Monitoring > Monitoring Viewer and click Next.
-
Select all business groups that apply and click Next.
-
Click Add Permissions.
Verify API Community Manager Entitlement
Verify API Community Manager entitlement for your Anypoint organization:
-
Log in to your Anypoint Platform organization.
-
Choose the correct URL for your cloud and open the URL in your browser:
-
US cloud:
https://anypoint.mulesoft.com/accounts/api/profile
-
EU cloud:
https://eu1.anypoint.mulesoft.com/accounts/api/profile
-
MuleSoft Government Cloud:
https://gov.anypoint.mulesoft.com/accounts/api/profile
-
-
Verify that under the Entitlements property, the
apiCommunityManager
value istrue
.
Prepare Identity Provider Data
If You Already Have an Anypoint Platform Identity Provider
If you already have an Anypoint Platform identity provider, get identity provider data from your current configuration:
-
If you are using SAML:
-
Click Access Management > Identity Providers.
-
On SAML 2.0 click Edit.
-
Copy the issuer and the audience so you can use them in the installation.
-
-
If you are using OpenID Connect:
-
Copy the organization ID so you can use it in the installation.
-
If You Do Not Already Have an Anypoint Platform Identity Provider
If you do not already have an Anypoint Platform identity provider (IdP), configure Salesforce as a SAML IdP.
The following instructions use URLs for the US cloud that begin with https://anypoint.mulesoft.com/
. If you are using the EU cloud, substitute https://eu1.anypoint.mulesoft.com/
. If you are using MuleSoft Government Cloud, substitute https://gov.anypoint.mulesoft.com/
.
-
In Setup, search for App Manager using the Quick Find box and click App Manager.
-
Click New Connected App in the top right.
-
Provide this information in the Basic Information section.
-
Connected App Name:
Anypoint
. -
Contact Email: Enter your email address.
-
-
Provide this information in the Web App Settings section.
-
Provide the Start URL:
https://anypoint.mulesoft.com/accounts/login/<your_anypoint_domain_name>
or the location where you want users to be sent in Anypoint Platform.You can find your Anypoint organization domain name by clicking Access Management > Organization and then selecting the root organization.
-
Select Enable SAML.
-
Provide any string as Entity Id. This is also the Audience configuration in Anypoint Platform.
-
Provide
https://anypoint.mulesoft.com/accounts/login/receive-id
in the ACS URL. SAML assertions are sent to this ACS URL. -
Select Enable Single Logout.
-
Provide Single Logout URL:
https://anypoint.mulesoft.com/accounts/logout/receive-id
. -
Set Single Logout Binding to HTTP Post.
-
Set Subject Type to Username.
-
Set Name ID Format to unspecified nameID format.
-
Set Issuer to salesforce_org_domainname (such as
https://[YourOrgDomain].my.salesforce.com
). -
Set IdP Certificate to Default IdP Certificate.
-
Click Save.
-
Configure external identity in your Anypoint organization:
-
In the Salesforce organization, click Setup, use the Quick Find box to search for Identity Provider, and click Identity Provider.
-
Click Enable Identity Provider.
-
Save.
-
Use the Quick Find box to search for App Manager, choose the app named Anypoint, and in the last column of the table, click the arrow and click Manage.
-
Make a note of the URIs under the SAML Login Information to use them in the Anypoint configuration in these steps.
-
Click Download metadata and retrieve the public key in the
<ds:X509Certificate>
tag inside the XML file. -
Log in to your Anypoint organization.
-
Navigate to Access Management > Identity Providers > SAML 2.0.
-
Set Sign On URL to IdP-Initiated Login URL.
-
If you do not want external users to be able to log in directly to the Anypoint organization, set Sign On URL to a value of a nonfunctioning URL, for example, http://www.example.com/login.
-
Set Sign Off URL to Single Logout Endpoint.
-
Set Issuer to salesforce_org_domainname (such as
https://[YourOrgDomain].my.salesforce.com
). -
Set the Public Key to the public key extracted from the
<ds:X509Certificate>
tag in the metadata XML you downloaded. -
Set Audience to match the Entity Id you set in the Salesforce account.
-
Click Save.
Next Steps
After these prerequisite steps, continue to the installation steps.