MuleSoft Composer: Getting Started
Check that you meet the listed requirements before you set up Composer. Then you can set up and begin using Composer.
Requirements and Restrictions
-
The maximum number of concurrent users supported by an organization is 25.
-
You must purchase a MuleSoft Composer license, which is sold separately from the Anypoint Platform license.
-
If your company network has a stringent firewall or list of blocked IP addresses, your network administrator must add
*.mulesoft.com
to the list of allowed addresses.IP addresses used by Composer are dynamic; therefore, MuleSoft can’t provide a list of IP addresses.
-
You must relax any IP restrictions for the connections that you create to data sources and data targets as detailed in the Composer setup instructions.
-
Composer does not currently support mobile platforms.
Browser requirements:
-
Don’t use incognito mode or private browsers to access Composer.
-
If you use Firefox or Chrome, allow third-party cookies.
-
When you connect to another system, follow the requirements and restrictions applicable to that connection.
-
Composer fields with date values use the format YYYY-MM-DDThh:mmZ.
Available Regions
In MuleSoft Composer, the Anypoint Platform control and runtime planes for an organization are selected by the AE at provisioning time (during the quoting process). Users cannot change the mapping. MuleSoft Composer is available in the US East (N. Virginia) and EU (Frankfurt) regions.
Set Up Composer
After you purchase MuleSoft Composer, it automatically creates a MuleSoft Composer org for you and sends a welcome email so that you can access MuleSoft Composer for the first time.
After you successfully connect, you then invite users to access that MuleSoft Composer org.
Access MuleSoft Composer as for the First Time
As your organization’s primary administrator, follow these steps to initiate your MuleSoft Composer org:
-
Log in to your email account, find the welcome email from MuleSoft Composer, and then click Accept invitation.
-
In the Create account form, complete the required fields, including a password of at least eight characters that contains at least one uppercase letter, one lowercase letter, and one number.
-
Click Create account.
-
Log in to MuleSoft Composer using the username and password you just created.
-
In Register a Verification Method, select a verification method, follow the steps to set up your multi-factor authentication, and then click Connect.
The MuleSoft Composer overview page appears.
Invite Users to Access MuleSoft Composer
After you access your MuleSoft Composer org using administrator credentials, you then invite your organization’s users to your new MuleSoft Composer account:
-
In the MuleSoft Composer sidebar, click Settings and then click Users.
-
On the Users page, click Add Users.
-
In the Invite New Users window, enter the email addresses of the users you want to invite, separating the names by using commas.
-
Select the permissions that you want to apply to that group of users and then click Invite.
The following permissions are available:
-
Builder: Enables all users in the group to create and manage flows.
-
Administrator: Enables all users in the group to invite and manage users in addition to creating and managing flows.
The invited users receive the MuleSoft Composer welcome email.
-
Monitor Pending Unaccepted Invitations
After inviting users, you can monitor each pending invitation that has not yet been accepted.
To monitor a pending invitation:
-
In the MuleSoft Composer sidebar, click Settings and then click Users.
-
On the Users page, elect the Pending Invitations tab.
Information about the users' invitations appear. In the menu:-
Click the options icon to the right of the user invitation that you want to monitor.
-
If the invitation to that user is older than 14 days and is about to expire, if you want to resend it, click Resend Invite.
-
If you want to revoke the invitation to that user, click Revoke Invite.
-
Manage Users
As administrator, you are responsible for managing your MuleSoft Composer users to meet your organization’s business needs. The following user management tasks are available:
-
Change user roles
-
Reset user passwords
-
Reset user multi-factor authentication (MFA) methods
-
Delete users
Change User Roles
To change a user’s role:
-
In the MuleSoft Composer sidebar, click Settings and then click Users.
-
On the Users page, next to the user’s email address, click the options icon and then click Manage.
The user’s page appears. -
Select the Permissions tab.
-
Select the permission setting for the user and then click Save.
Reset User Passwords
To reset a user’s password:
-
In the MuleSoft Composer sidebar, click Settings and then click Users.
-
On the Users page, next to the user’s email address, click the options icon, and then click Reset Password.
An email is sent to the user with instructions for resetting their MuleSoft Composer MFA settings.
Reset User Multi-factor Authentication (MFA) Methods
To reset a user’s MFA method:
-
In the MuleSoft Composer sidebar, click Settings and then click Users.
-
On the Users page, next to the user’s email address, click the options icon, and then click Reset Multi-factor Auth.
An email is sent to the user with instructions for resetting their MuleSoft Composer password.
Delete Users
To delete a user:
-
In the MuleSoft Composer sidebar, click Settings and then click Users.
-
On the Users page, next to the user’s email address, click the options icon, and then click Delete.
A message appears, warning you that deleting a user cannot be undone. -
Click Delete.
Enable Multiple Identification Providers (IDP)
As an administrator, you can enable users to add identity providers (IDPs) for their organization. Note that:
-
If an IDP user is deleted from MuleSoft Composer and that user subsequently logs in to MuleSoft Composer using the IDP, the user profile is restored in the
Disabled
state. To allow the user to authenticate again, an toggle the state toEnabled
. -
You cannot disable the creation of new users via the Users page.
-
Deleting an IDP user does not stop the flows activated by that user.
-
When MuleSoft Composer is dynamically registered as an OpenID Connect SSO provider in Okta, MuleSoft Composer is named “Anypoint Platform” in Okta.
For more information on identity management in MuleSoft, see the Access Management documentation.
To enable OpenID Connect (OIDC) IDP:
-
In the MuleSoft Composer sidebar, click Settings and then click Multiple IDP.
-
On the Identity Provider page, click Add Identity Provider > OpenID Connect.
-
In the New Identity Provider page, complete the required fields:
-
Name: The nickname for this IDP.
-
Client Registration URL: The URL to dynamically register client applications for your identity provider. This field appears when you select Dynamic Registration.
-
Authentication Header: The header that provides credentials to authenticate a server. This header is required if the provider restricts registration requests to authorized clients. This field appears when you select Dynamic Registration.
-
Client ID: The unique identifier that you provided for your manually created client application. This field appears when you select Manual Registration.
-
Client Secret: The password, or secret, for authenticating your MuleSoft Composer organization with your Identity Provider. This field appears when Manual Registration is selected.
-
OpenID Connect Issuer: The location of the OpenID Provider. For most providers,
.well-known/openid-configuration
is appended to the issuer to generate the metadata URL for OpenID Connect specifications. If your OpenID Provider is Salesforce, then you must provide the value forissuer
. -
Authorize URL: The URL where the user authenticates and grants OpenID Connect client applications access to the user’s identity.
-
Token URL: The URL that provides the user’s identity encoded in a secure JSON Web Token.
-
User Info URL: The URL that returns user profile information to the client app.
-
-
Optionally, expand Advanced Settings, and provide the following values:
-
Group Scope: The OIDC scope to request the group claim.
-
Group Attribute JSON Data Expression: The JSONata expression used to select the groups from the user information or ID token. The result must be an array of strings.
-
Disable server certificate validation checkbox: Select to disable server certificate validation if your OpenID client management instance presents a self-signed certificate or one signed by an internal certificate authority.
-
-
Click Save.
-
Log out of MuleSoft Composer, navigate to the sign-on URL you entered in the New Identity Provider page, and then log in through your identity provider to test the configuration.
To enable SAML 2.0 IDP:
Note that the file-based configuration of a SAML 2.0 is not supported.
-
In the MuleSoft Composer sidebar, click Settings and then click Multiple IDP.
-
On the Identity Provider page, click Add Identity Provider > SAML 2.0.
-
In the New Identity Provider page, complete the required fields:
-
Name: Enter a nickname for this IDP.
-
Sign On URL: The redirect URL provided by the IDP for sign in. For example,
https://example.com/sso/saml
. -
Sign Off URL: The URL to redirect sign-out requests, so users both sign out of MuleSoft Composer and have their SAML user’s status set to
signed out
. -
Issuer: The ID of the identity provider instance that sends SAML assertions.
-
Public Key: The Public key provided by the identity provider, which is used to sign the SAML assertion. It is the
X509Certificate
value in the SAML response. -
Audience: An arbitrary string value that identifies your MuleSoft Composer organization. The typical value for this string is
<organizationDomain>.composer.mulesoft.com
.To find your
organizationDomain
, log in to MuleSoft Composer and go to Settings > Multiple IdP. At the bottom of the page, you can see the statementUsers can sign in through external IdPs by visiting your organization domain:
followed by a URL. The part after the last/
in the URL is theorganizationDomain
. For example, if the statement saysUsers can sign in through external IdPs by visiting your organization domain: https://composer.mulesoft.com/login/domain/composer123
, theorganizationDomain
iscomposer123
. -
Single Sign On Initiation: Specify whether SSO can be initiated by MuleSoft Composer, your identity provider (for example, Okta), or both.
-
The Service Provider Only option allows only MuleSoft Composer to initiate SSO.
-
The Identity Provider Only option allows only your external identity provider to initiate SSO.
-
The Both option allows either MuleSoft Composer or your external identity provider to initiate SSO.
The default value for this setting for newly configured identity provider configurations is Both.
-
-
-
Optionally, expand Advanced Settings, and provide the following values:
-
Username Attribute: Field name in the SAML
AttributeStatements
that maps to the user’s name. If no value is configured, theNameID
attribute of the SAMLSubject
is used (Note: This is outside the SAMLAttributeStatements
). -
First Name Attribute: Field name in the SAML
AttributeStatements
that maps toFirst Name
. -
Last Name Attribute: Field name in the SAML
AttributeStatements
that maps toLast Name
. -
Email Attribute: Field name in the SAML
AttributeStatements
that maps toEmail
. -
Group Attribute: Field name in the SAML
AttributeStatements
that maps toGroup
. -
Require encrypted SAMl assertions checkbox: If enabled, the SAML assertions sent from the IDP must be encrypted and follow the guidelines mentioned in the prerequisites.
-
-
Click Save.
-
Log out of MuleSoft Composer, navigate to the sign-on URL you entered in the New Identity Provider page, and then log in through your identity provider to test the configuration.
Enable Flow Failure Notifications
As administrator, you can enable flow failure notifications via email. When enabled, checks run every 15 minutes on running flows. If any flow fails, Composer sends an email to the owner of the flow.
Note that:
-
A maximum of four consecutive emails are sent for the same error.
-
The error log for the flow resets every 24 hours.
-
The error log only runs while the flow runs.
To enable email notifications:
-
In the Composer Home page, click Settings.
The Account page appears. -
In the sidebar, click Email Notifications.
-
In the Receive email notifications when flows fail to run row, toggle the button to enable email notifications.
Connect Composer to Anypoint Platform
Organizations that use both MuleSoft Composer and Anypoint Platform can connect the two products.
To link Composer to Anypoint Platform:
-
In MuleSoft Composer, in the navigation pane, click Settings > Account.
The Account page appears. -
On the Account page, copy the value in the Organization ID field.
-
Log in to the Anypoint Platform organization that you want to connect to MuleSoft Composer.
The Anypoint Platform page appears. -
In the navigation pane, click Access Management.
The Access Management page appears. -
In the Access Management page, in the navigation pane, click Composer Sync. If the Composer Sync button is not available, first click Try New Features to enable the button.
The Add Composer Organization window appears. -
In the Add Composer Organization window, in the Organization ID field, paste the Organization ID that you copied from the Account page of MuleSoft Composer and then click Add.
-
Open MuleSoft Composer and refresh the page.
-
In MuleSoft Composer, in the navigation pane, click Settings > Account.
The Account page appears, displaying a linking request from Anypoint Platform. -
Click Review and Confirm.
-
In the Access Token section, click Authenticate in Anypoint.
The Anypoint Platform login page appears. -
Log in to Anypoint Platform. Ensure that the user logging into Anypoint Platform has the right permissions to create a client app.
-
In the Client App section, click Create Client App.
The Composer organization is now linked to the Anypoint organization.
API Sharing
MuleSoft Anypoint Platform customers can share externally available APIs managed in Anypoint Platform with business users for consumption in a MuleSoft Composer flow.
Before sharing APIs from Anypoint Platform to MuleSoft Composer, ensure that:
-
Your organization uses Anypoint Platform for API Management.
-
Your Anypoint organization doesn’t employ external client providers.
-
Your Anypoint organization doesn’t currently have a client app named “Composer”.
-
Your organization has Rest APIs managed by API Manager that conform to the following:
-
The API specifications use either RAML or OpenAPI.
-
The API uses basic authentication, bearer token, or API Key in conjunction with a Client ID and Secret.
-
The API has a value for the Consumer Endpoint field in API Manager.
-
-
Composer organizations are linked to Anypoint organizations.
-
The API must be accessible from the public internet.
For more information on how to connect externally available APIs, refer to Rest Consumer Connector.
Share an API Instance with Composer
If you manage your APIs with Anypoint API Manager, you can share those APIs with MuleSoft Composer.
To share an API Instance with MuleSoft Composer:
-
In Anypoint Platform, in the navigation pane, click Exchange.
-
In the list, find the API instance that you want to share, click Request access, and then click the Client App that was created by MuleSoft Composer.
The Request access window appears. -
In the Request access window, click Request access.
-
Open MuleSoft Composer and then open the flow to ensure that the shared API appears in the Shared Apps section of the canvas.
Share an API Instance with a Single-Tenant Anypoint Platform Organization
You can connect a single-tenant, Anypoint Platform organization to Composer for API Sharing. Using API Sharing, you can expand the connectivity to more systems, have more control over both API management and governance, and consume complex APIs built in Anypoint Platform.
To enable API sharing for a single-tenant organization:
-
Ensure that the shared API appears in the Shared Apps section of the canvas and that you have the Composer Super User role.
-
In the Composer Home page, click Settings.
The Account page appears.
-
Expand the Shared APIs section in the General tab and click the radio button to enable API Sharing for a single-tenant organization.
A Client App named Composer is created within the organization. If a Client App named Composer already exists, manually select the Client App to which you want to grant access from the drop-down menu.
Disconnect Composer Connection to Anypoint Platform
You can disconnect your connection from MuleSoft Composer to Anypoint Platform; however, removing this connection does not delete existing configurations.
To disconnect your MuleSoft Composer connection to Anypoint Platform:
-
Log in to the Anypoint Platform organization containing the connection to MuleSoft Composer that you want to disconnect.
The Anypoint Platform page appears. -
In the navigation pane, click Access Management.
The Access Management page appears. -
In the navigation pane, click Connected Apps.
The Connected Apps page appears. -
Optionally, on the Connected Apps page, if you want to remove Composer’s access to a single API, click the options button for the API and then click Remove.
-
In the Owned Apps tab, next to Composer API Sharing, click the options button, and then click Delete.
MuleSoft Composer is now disconnected from Anypoint Platform.