-----BEGIN CERTIFICATE----- PUBLIC KEY -----END CERTIFICATE-----
Manual Setup
To set up Anypoint API Community Manager manually, follow these steps.
Set Up and Register a Domain and Enable Communities
To set up and register a domain:
-
Log in to your API Community Manager Salesforce Organization.
-
Go to Salesforce Set-up by selecting the gear icon and selecting Set-up.
-
Search for My Domain using the Quick Find box and then select My Domain.
-
Enter a domain name for your organization. The name can include up to 34 letters, numbers, and hyphens.
-
Select Check Availability. If the name is already taken, choose a different one.
-
Select Register Domain.
You will receive a notification email when your domain is registered and your subdomain name is ready for testing. This process can take a few minutes. You can continue with the next steps while you wait for the email.
After you complete API Community Manager installation and configuration, you can configure a full custom domain name, also known as a vanity domain. When you’re ready, refer to the Salesforce knowledge article Run your Salesforce Community under a custom domain. |
Using the domain name you selected in the previous step, follow the steps in Enable Salesforce Communities to enable communities inside your Salesforce organization.
Deploy Your Domain
Wait to receive the notification email that your domain is registered, and then deploy your domain:
-
Log in to your API Community Manager Salesforce Organization.
-
Go to Salesforce Set-up by clicking the gear icon and selecting Set-up.
-
Search for My Domain using the Quick Find box and then select My Domain.
-
If the screen indicates your domain is ready, select Log in.
-
Select Deploy to Users.
Enable API Community Manager Control Panel
The API Community Manager control panel is the interface your community administrators and operators use to operate your communities. It is available in the App Launcher page, where it is the first icon displayed in the main navigation bar. To ensure that the control panel is available for admin users:
-
In Setup, search for App Manager using the Quick Find box and click App Manager.
-
Locate API Community Manager and, in the menu on the right end of the row, click Edit.
-
Click Navigation Items in the left panel, select ACM Administrator under the Available Items box, and use the arrow buttons to move it to the Selected Items box.
-
Click Save.
-
Click Back at the top right.
-
Log out and log back in to your Salesforce organization.
-
Open App Launcher and click API Community Manager.
-
Verify that the API Community Manager control panel is displayed correctly by navigating to Application Launcher > ACM Administrator.
If you see a message that you have not created a community, then the steps in this task were performed correctly.
Set Up the Data Bridge
The data bridge is the secure connection from Anypoint API Community Manager to your Anypoint Platform organization.
API Community Manager components and data objects use Anypoint Platform as their external data source.
Create a Key Pair
This key pair will be created in Salesforce and used for communication between Salesforce and Anypoint.
-
Click Setup > Security > Certificate and Key Management > Create Self-Signed Certificate.
-
Choose a Label/Name and remember the name you chose.
-
Disable Exportable Private Key.
-
Set Key Size to 2048 or larger.
-
Click Save.
-
Click Download Certificate.
The public key is saved on your local machine, and you will use it in the following steps.
Create Connected App in Anypoint
-
Click Access Management > Connected Apps > Create App.
-
Choose a name.
-
Enable App acts on behalf of a user.
-
In the section Grant types enable JWT Bearer.
-
Copy the public key from the file downloaded in the previous steps and paste it into the public key text area.
The certificate must have the correct format, such as this:
-
Set Website URL to
https://login.salesforce.com
. -
In the section Redirect URIs add
http://localhost
.Connected apps require redirect URIs but this configuration does not use them.
-
In the section Who can use this application? select Members of this organization only.
-
In the section Scopes add Background Access and Full Access.
-
Click Save.
You receive a client ID and a client secret. This configuration uses the certificate and does not use the client secret. Save the client ID so you can use it in the following steps.
Identity Provider Data
The following steps require the identity provider data you prepared in the Installation Prerequisites.
Create Named Credential
The following instructions use URLs for the US cloud that begin with https://anypoint.mulesoft.com/
. If you are using the EU cloud, substitute https://eu1.anypoint.mulesoft.com/
. If you are using MuleSoft Government Cloud, substitute https://gov.anypoint.mulesoft.com/
.
-
Click Setup > Security > Named Credentials.
-
Create a named credential with the name
Anypoint
. -
Set URL to
https://anypoint.mulesoft.com
. -
Go to the Authentication section.
-
Set Identity Type to Per User.
-
Set Authentication Protocol to JWT Token Exchange.
-
Set Token Endpoint Url to
https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token
. -
Set Issuer to the client ID of the connected app you saved previously.
-
Set Per User Subject to the following formula.
Replace
IDP_ISSUER
with the issuer from your IdP configuration. ReplaceIDP_AUDIENCE
with the audience from your IdP configuration."IDP_ISSUER:IDP_AUDIENCE|" & $User.Username & "|" & $User.FirstName & "|" & $User.LastName & "|" & $User.Email & "|[\"Community User\"]"
-
Set Audiences to
https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token
. -
Set Token Valid for to 60 minutes (the Anypoint default) or less.
-
Set JWT Signing Certificate to the key that you created previously as described in the section Create a Key Pair.
-
In the Callout Options section, enable Generate Authorization Header.
Modify External Data Source
-
Click Setup > Integrations > External Data Source > Exchange.
-
Set URL to
callout:Anypoint/odatabridge/odata.svc/
. -
Go to the Authentication section.
-
Set Identity to Anonymous.
-
Set Authentication Protocol to No Authentication Protocol.
-
Click Save.
-
Click Setup > Integrations > External Data Source > Exchange.
-
In the section Custom HTTP Headers, set X-Auth-Proto to the value
'JWT'
, including the single quotes. -
Click Save.
User Configuration
Give your user the Exchange Contributor role:
-
In your Anypoint Platform organization, click Access Management > Users.
-
Select your user.
-
Click Role > Add role by name.
-
Add the role Exchange Contributor.
Map community user to Anypoint role:
-
Ensure that you have Exchange Administrator permissions.
-
In your Anypoint Platform organization, navigate to Access Management and click Roles.
-
In Exchange Viewers, set a new External group called
Community User
and save it.