
Configuring SSO

Configure identity management in Anypoint Platform and Salesforce to set up users for single sign-on (SSO).

API Experience Hub supports multiple IdPs for SSO.

Before You Begin

Before configuring SSO, ensure you have the following permissions, context, and setup:

  • Organization Administrator permission or role in the main Anypoint Platform organization.

  • System Administrator role in Salesforce.

  • Experience with identity management and setting up identity providers for SSO.

  • Review Access Management’s Identity Provider documentation to understand identity management for Anypoint Platform.

  • In the identity provider of your choice, the users or identities must exist for the users with access to the application. For information, see the identity provider’s documentation.

  • Review the information in Gathering Setup Information for SSO.

Step 1: Enable SSO for Your Portal

Enabling SSO requires an identity provider so that Anypoint Platform can create identities for Salesforce users.

In this step, you create an application in the identity provider for the API Experience Hub portal, enable the ability to send group information in the application configuration, configure groups, and configure the default identity provider. Performing these steps requires you to move back and forth between applications and the identity provider application to copy or add information.

Create and Configure an Application

Create and configure an application using one of these example methods:

Step 2: Add Salesforce Identity Providers

After the identity provider is configured for Salesforce, add and enable the identity provider from the API Experience Hub UI. When the identity provider is enabled, users can log in to the portal using this identity provider.

  1. Go to API Experience Hub > User management and click Login settings.

  2. From the Single sign-on (SSO) section, scroll down to step 2 Add Salesforce identity providers.

  3. Click Select identity provider and select an option from the drop-down menu.

  4. Click + Add identity provider and move the slider to Enabled.

Step 3: Add Group Mappings

When setting up SSO for the portal, your users must have an identity in both Salesforce and Anypoint Platform. SSO users are mapped to teams using their group names. You must map your users to teams using Access Management. API Experience Hub provides an out-of-the-box team called AEH Portal - ${salesforceOrganizationId}_${salesforceCommunityId} that is added automatically as a team in Access Management.

Add group mappings by adding the user to the corresponding profile in API Experience Hub:

  1. Go to Access Management > Teams.

  2. Click AEH Portal Guests and click AEH Portal Members > External IdP Groups.

  3. Complete these fields:

    Field            Value
    Group Name       Enter AEH Members or enter the value of the groups claim.
    Provider Name    The name of the corresponding Salesforce identity provider.
    Type             Member.

  4. From Type, click Add.

  5. Save your changes.

    The SSO users associated with the group you designated are assigned to the team.

Step 4: Test the SSO Configuration

Verify that the SSO for the portal is configured properly.

  1. Open an incognito window in a browser and go to your API Experience Hub portal.

  2. Select the SSO option that you configured.

  3. Log in with a user that belongs to the group you configured in the identity provider for your portal.

  4. Check the visibility of APIs for the user in the portal.

  5. Go to Access Management and select Users.

  6. Search using the username to confirm that the user is mapped to the expected identity provider.

  7. Go to the team with the configured group mappings.

    From the Members tab, ensure that you can see your user there.
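
When a test user logs in but does not appear in the team's Members tab, the usual cause is a mismatch between the groups claim the identity provider sends and the Group Name entered in Step 3. The following diagnostic is an added example, not MuleSoft or Salesforce code: it decodes an ID token captured from your own test login and compares its groups claim with the mapped group name. It assumes an OIDC identity provider that issues a JWT ID token, a claim named groups, and exact name matching; the helper names and sample tokens are constructed for illustration.

```python
import base64
import json


def decode_claims(id_token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_group_mapping(claims: dict, group_name: str, claim: str = "groups") -> str:
    """Compare the groups claim with the Group Name set in External IdP Groups."""
    if claim not in claims:
        return "missing: the IdP application is not sending group information"
    value = claims[claim]
    groups = [str(g) for g in (value if isinstance(value, list) else [value])]
    if group_name in groups:
        return "ok"
    # Assumption: the mapping compares names exactly, so report near misses.
    wanted = group_name.strip().lower()
    near = [g for g in groups if g.strip().lower() == wanted]
    if near:
        return f"near-miss: claim has {near[0]!r}, mapping expects {group_name!r}"
    return f"no-match: claim has {groups!r}, mapping expects {group_name!r}"


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc({"alg": "none"})
    return f"{header}.{enc(claims)}.constructed"


if __name__ == "__main__":
    samples = {  # constructed claim sets, not real user data
        "mapped user": {"sub": "user1", "groups": ["Engineering", "AEH Members"]},
        "no group info": {"sub": "user2"},
        "name differs": {"sub": "user3", "groups": ["aeh members"]},
    }
    for label, claims in samples.items():
        token = make_sample_token(claims)
        print(f"{label}: {check_group_mapping(decode_claims(token), 'AEH Members')}")
```

Because the signature is not checked, use the output only to troubleshoot the mapping, never to decide access.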