Manual Setup

If you have multiple identity providers in your organization, follow the manual setup instructions.

Prerequisites

To set up the latest version of Anypoint API Community Manager, complete the prerequisite steps and then use the guided setup.

To set up previous versions manually, complete the prerequisite steps and then perform the following steps.

Enable API Community Manager Control Panel

The API Community Manager control panel is the interface your community administrators and operators use to operate your communities. It is available in the App Launcher page, where it is the first icon displayed in the main navigation bar. To ensure that the control panel is available for admin users:

  1. In Setup, search for App Manager using the Quick Find box and click App Manager.

  2. Locate API Community Manager and, in the menu on the right end of the row, click Edit.

  3. Click Navigation Items in the left panel, select ACM Administrator under the Available Items box, and use the arrow buttons to move it to the Selected Items box.

  4. Click Save.

  5. Click Back at the top right.

  6. Log out and log back in to your Salesforce organization.

  7. Open App Launcher and click API Community Manager.

  8. Verify that the API Community Manager control panel is displayed correctly by navigating to Application Launcher > ACM Administrator.

    If you see a message that you have not created a community, then the steps in this task were performed correctly.

Set Up the Data Bridge

The data bridge is the secure connection from Anypoint API Community Manager to your Anypoint Platform organization.

API Community Manager components and data objects use Anypoint Platform as their external data source.

Create a Key Pair

This key pair will be created in Salesforce and used for communication between Salesforce and Anypoint.

  1. Click Setup > Security > Certificate and Key Management > Create Self-Signed Certificate.

  2. Set Label/Name to Anypoint.

  3. Disable Exportable Private Key.

  4. Set Key Size to 2048 or larger.

  5. Click Save.

  6. Click Download Certificate.

The public key is saved on your local machine, and you will use it in the following steps.

Create Connected App in Anypoint

  1. Click Access Management > Connected Apps > Create App.

  2. Choose a name.

  3. Enable App acts on behalf of a user.

  4. In the section Grant types enable JWT Bearer.

  5. Copy the public key from the file downloaded in the previous steps and paste it into the public key text area.

    The certificate must have the correct format, such as this:

    -----BEGIN CERTIFICATE-----
    PUBLIC KEY
    -----END CERTIFICATE-----

  6. Set Website URL to https://login.salesforce.com.

  7. In the section Redirect URIs add http://localhost.

    Connected apps require redirect URIs but this configuration does not use them.

  8. In the section Who can use this application? select Members of this organization only.

  9. In the section Scopes add Background Access and Full Access.

  10. Click Save.

You receive a client ID and a client secret. This configuration uses the certificate and does not use the client secret. Save the client ID so you can use it in the following steps.

Identity Provider Data

The following steps require the identity provider data you prepared in the Installation Prerequisites.

Create Named Credential

The following instructions use URLs for the US cloud that begin with https://anypoint.mulesoft.com/. If you are using the EU cloud, substitute https://eu1.anypoint.mulesoft.com/. If you are using MuleSoft Government Cloud, substitute https://gov.anypoint.mulesoft.com/.

  1. Click Setup > Security > Named Credentials.

  2. Create a named credential with the name Anypoint.

  3. Set URL to https://anypoint.mulesoft.com.

  4. Go to the Authentication section.

  5. Set Identity Type to Per User.

  6. Set Authentication Protocol to JWT Token Exchange.

  7. Set Token Endpoint Url to https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token.

  8. Set Issuer to the client ID of the connected app you saved previously.

  9. Set Per User Subject to one of the following formulas.

    The guided setup uses a slightly different formula in the IDP_ID field, but either formula works.

    • If you are using an identity provider with SAML:

      1. To find the identity provider ID, run this request:

        curl --location --request GET 'https://anypoint.mulesoft.com/accounts/api/organizations/<YOUR_ORG_ID>/identityProviders' \
          --header 'Authorization: Bearer <TOKEN>'

      2. Replace <YOUR_ORG_ID> with your organization ID and replace <TOKEN> with your token. In the response, find the line with the provider_id:

        "provider_id": "01234567-89ab-cdef-0123-456789abcdef",

      3. Replace IDP_ID with the identity provider ID.

        "v2|IDP_ID|" & $User.Username & "|" & $User.FirstName & "|" & $User.LastName & "|" & $User.Email & "|[\"Community User\"]"

        For example:

        "v2|83685668-9e8a-49c2-9d9a-7a7c89391cce|" & $User.Username & "|" & $User.FirstName & "|" & $User.LastName & "|" & $User.Email & "|[\"Community User\"]"

    • If you are using an identity provider with OpenID Connect, replace ORGANIZATION_ID with the organization ID from your Anypoint account.

      "openid-ORGANIZATION_ID|" & $User.Username & "|" & $User.FirstName & "|" & $User.LastName & "|" & $User.Email & "|[\"Community User\"]"

  10. Set Audiences to https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token.

  11. Set Token Valid for to 60 minutes (the Anypoint default) or less.

  12. Set JWT Signing Certificate to the key that you created previously as described in the section Create a Key Pair.

  13. In the Callout Options section, enable Generate Authorization Header.
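
The following Python check is an added example, not part of the MuleSoft documentation or product code. It compares the claims of a JWT assertion with the Issuer, Per User Subject, Audiences, and Token Valid for values configured above. It assumes the assertion uses the standard RFC 7523 claim names (iss, sub, aud, exp); the function names, the client ID placeholder, and the sample token are constructed for illustration.

```python
import base64, json, time

# Values from the Named Credential steps above.
TOKEN_ENDPOINT = "https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token"
MAX_LIFETIME_S = 60 * 60          # "Token Valid for": 60 minutes or less
GROUPS = '["Community User"]'     # last field of both subject formulas

def _seg(obj):                    # dict -> base64url JWT segment
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _unseg(part):                 # base64url JWT segment -> dict (no signature check)
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def check_subject(sub):
    """Return a list of problems with a Per User Subject value."""
    f = sub.split("|")
    if f[0] == "v2":                          # SAML: v2|IDP_ID|user|first|last|email|groups
        want, placeholder = 7, len(f) > 1 and f[1] == "IDP_ID"
    elif f[0].startswith("openid-"):          # OIDC: openid-ORG_ID|user|first|last|email|groups
        want, placeholder = 6, f[0] == "openid-ORGANIZATION_ID"
    else:
        return ["unknown subject prefix"]
    problems = ["placeholder not replaced"] if placeholder else []
    if len(f) != want:                        # a '|' inside a user field shifts every field
        problems.append(f"expected {want} fields, got {len(f)}")
    elif f[-1] != GROUPS:
        problems.append("group list is not the expected value")
    return problems

def check_assertion(jwt, client_id, now=None):
    """Compare a JWT assertion's claims with the configured values."""
    now = time.time() if now is None else now
    claims = _unseg(jwt.split(".")[1])
    problems = []
    if claims.get("iss") != client_id:
        problems.append("iss is not the connected app client ID")
    aud = claims.get("aud")
    if TOKEN_ENDPOINT not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud is not the token endpoint")
    if claims.get("exp", 0) - now > MAX_LIFETIME_S:
        problems.append("lifetime exceeds 60 minutes")
    return problems + check_subject(claims.get("sub", ""))

def sample_jwt(**overrides):      # constructed, unsigned sample; not a real token
    claims = {"iss": "CLIENT_ID_PLACEHOLDER", "aud": TOKEN_ENDPOINT, "exp": 1_700_003_600,
              "sub": "v2|01234567-89ab-cdef-0123-456789abcdef|jdoe@example.com"
                     "|Jane|Doe|jdoe@example.com|" + GROUPS}
    claims.update(overrides)
    return ".".join([_seg({"alg": "RS256", "typ": "JWT"}), _seg(claims), "constructed"])
```

The check reads claims only and does not verify the signature, so it is suited to configuration review rather than token validation.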

Modify External Data Source

  1. Click Setup > Integrations > External Data Source > Exchange.

  2. Set URL to callout:Anypoint/odatabridge/odata.svc/.

  3. Go to the Authentication section.

  4. Set Identity to Anonymous.

  5. Set Authentication Protocol to No Authentication Protocol.

  6. Click Save.

  7. Click Setup > Integrations > External Data Source > Exchange.

  8. In the section Custom HTTP Headers, set X-Auth-Proto to the value 'JWT', including the single quotes.

  9. Click Save.

User Configuration

Give your user the Exchange contributor permission:

  1. In your Anypoint Platform organization, click Access Management > Users.

  2. Select your user.

  3. Click Permissions > Add permissions.

  4. Ensure that your user has the permission Exchange Contributor in each business group.

Give community users the Exchange viewer permission:

  1. Ensure that you have Exchange Administrator permissions.

  2. In your Anypoint Platform organization, navigate to Access Management and click Teams.

  3. Create a new team named Community Users.

  4. Click Settings.

  5. Set the parent team to everyone in the organization.

  6. In External IdP Groups, set Group Name to Community User and set Type to Member.

  7. Click Permissions > Add permissions and add the permission Exchange Viewer.

    When prompted, select all business groups with any assets that you want community users to be able to view.

  8. Manually add the permission Exchange Viewer to any users who were invited before you created the team.

After each user logs in to the community, the user is visible in Anypoint Platform.