Anypoint Access Management Release Notes
In the Connected Apps audit logs, the Token Retrieval Success and Token Retrieval Failure entries now have clientIP in their payloads.
To enhance accessibility and usability, the Connected Apps feature’s scope workflow has been polished.
The following pages now have sections showing limits imposed by Anypoint Platform:
Business groups (including the page for your root organization)
SAML identity providers
Note that this feature is available only if you have enabled the New Features Access Management user interface.
December 15, 2022
November 30, 2022
The Audit Log Query API now supports more efficient querying. For more information, see the tutorial in the Audit Logs documentation.
If your organization has not opted in to the new and improved features, Access Management now prompts you to try the new features and offers UI prompts to enable smooth adoption.
Business group overviews now have the Access Overview section that enables you to view a list of users who have a specified permission across business groups.
When you select a business group in the Business Groups page, the Settings section for that business group opens by default.
Sliders for vCore allocations have been re-added to the Settings section of business groups.
To enhance usability, the Teams feature and permissions workflows have been polished.
November 14, 2022
October 29, 2022
Multi-factor authentication (MFA) is now required for all non-SSO user accounts unless they are on their organization’s exemption list. At login, Anypoint Platform now prompts users to configure a verification method if they have not already.
You no longer have the option to make MFA optional across your entire organization.
October 10, 2022
September 6, 2022
August 20, 2022
July 23, 2022
For enhanced security, Access Management might ask users to re-authenticate before they can modify their email addresses. Similarly, Access Management might ask organization administrators to re-authenticate before they can modify their organization users’ email addresses. This change prevents bad actors from taking advantage of stale browser sessions.
User accounts that are added to an existing organization must configure multi-factor authentication (MFA).
April 29, 2022
When you create a new organization, multi-factor authentication (MFA) is enabled by default. While it is best to use the Connected Apps feature instead of service accounts, an organization administrator can add service accounts or other user accounts without MFA to an exemption list.
You can now check the retention period for your organization’s audit logs using the Audit Logging API.
February 21, 2022
You can now configure Azure Active Directory (Azure AD) as a client provider. As your client provider, Azure AD provides a stateless microservice to convert OAuth 2.0 client application registration requests to requests supported by Azure AD. Additionally, configuring Azure AD as a client provider enables you to authenticate and authorize existing API consumers.
January 14, 2022
When you configure the Issuer field while adding a client provider, such as Okta, that is compatible with this spec, metadata from $ISSUER/.well-known/oauth-authorization-server is discovered and validated prior to merging. Once the validation is complete, a complete list of available grant types appears. If you want to fetch metadata for validation for an existing client provider, save that client provider again, and the validation occurs automatically.
This change makes the client provider registration process smoother for Okta users. It also enables the use of the Client Credentials grant type.
When you use dynamic client registration to configure a client provider, you can now configure the length of time at which a client provider times out. The minimum timeout value is five seconds, and the maximum value is 20 seconds.
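The discovery and validation step and the timeout bounds described above, as an added example that is not MuleSoft's code: it builds the metadata URL from the issuer, applies a subset of the RFC 8414 metadata checks, and returns the advertised grant types. The issuer idp.example.com, the sample document, and all function names are constructed for illustration, and reusing the 5 to 20 second bounds for the metadata fetch is an assumption.

```python
import json
import urllib.request
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/oauth-authorization-server"
MIN_TIMEOUT_S, MAX_TIMEOUT_S = 5, 20   # client provider timeout bounds from the release note
DEFAULT_GRANTS = ["authorization_code", "implicit"]  # RFC 8414 default when the field is absent

def metadata_url(issuer):
    """Build $ISSUER/.well-known/oauth-authorization-server for an https issuer."""
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError("issuer must be an https URL with no query or fragment")
    return issuer.rstrip("/") + WELL_KNOWN

def check_timeout(seconds):
    """Reject timeouts outside the 5 to 20 second range."""
    if not MIN_TIMEOUT_S <= seconds <= MAX_TIMEOUT_S:
        raise ValueError(f"timeout must be {MIN_TIMEOUT_S}-{MAX_TIMEOUT_S} seconds")
    return seconds

def validate_metadata(issuer, doc):
    """Apply a subset of RFC 8414 checks; return the advertised grant types."""
    if doc.get("issuer") != issuer:
        # A mismatch means the document describes a different authorization server.
        raise ValueError("metadata issuer does not match configured issuer")
    grants = doc.get("grant_types_supported", DEFAULT_GRANTS)
    if not isinstance(grants, list) or not all(isinstance(g, str) for g in grants):
        raise ValueError("grant_types_supported must be a list of strings")
    if "token_endpoint" not in doc and grants != ["implicit"]:
        raise ValueError("token_endpoint is required unless only implicit is supported")
    for key in ("authorization_endpoint", "token_endpoint", "registration_endpoint"):
        if key in doc and urlsplit(doc[key]).scheme != "https":
            raise ValueError(f"{key} must use https")
    return sorted(grants)

def fetch_and_validate(issuer, timeout_s=MIN_TIMEOUT_S):
    """Network path (assumption: the same timeout bounds apply to this fetch)."""
    url = metadata_url(issuer)
    with urllib.request.urlopen(url, timeout=check_timeout(timeout_s)) as resp:
        return validate_metadata(issuer, json.load(resp))

# Constructed sample document, not a real provider response.
SAMPLE_ISSUER = "https://idp.example.com/oauth2/default"
SAMPLE_DOC = {
    "issuer": SAMPLE_ISSUER,
    "token_endpoint": SAMPLE_ISSUER + "/v1/token",
    "registration_endpoint": "https://idp.example.com/oauth2/v1/clients",
    "grant_types_supported": ["authorization_code", "client_credentials"],
}
```

Calling validate_metadata(SAMPLE_ISSUER, SAMPLE_DOC) exercises the checks offline; fetch_and_validate performs the same checks against a live issuer.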
November 3, 2021
September 8, 2021
August 5, 2021
June 10, 2021
The Teams feature provides improved user and permission management. Teams provides user grouping mechanisms in Anypoint Platform, which streamlines collaboration, reuse, and scalability. Use teams to:
Manage users and permissions across multiple business groups
Define permissions and then assign them to multiple users in one click
Set global permissions (for example, give everyone in your organization the Exchange Viewer permission)
Share Exchange assets with a specific group of users
Additionally, the Access Management navigation menu and user interface have been revamped to simplify navigation and permission management across business groups.
Enhancements and updates are available on an opt-in basis. You can continue using old views after the Teams feature and user interface enhancement release.
January 20, 2021
When you change your password, you can no longer reuse your previous three passwords.
December 15, 2020
If you are using an external identity provider, such as Okta or Salesforce, you can now map users in a federated organization’s OpenID Connect (OIDC) groups to roles in Anypoint Platform.
October 29, 2020
You can now enable multi-factor authentication (MFA) as a sign-in requirement across your entire organization.
MFA makes logging in to Anypoint Platform more secure.
You can now easily rotate SAML 2.0 SSO keys. You can generate a key or upload an existing public/private key pair.
June 29, 2020
You can now import SAML 2.0 metadata to configure your identity provider with Anypoint Platform.
June 13, 2020
You can now export service provider SAML 2.0 metadata to configure Anypoint Platform with your identity provider.
May 30, 2020
These are the enhancements and new features for Access Management.
Organization administrators can configure whether SAML SSO can be initiated by Anypoint Platform (service provider-initiated SSO), their external identity provider (identity provider-initiated SSO), or both.
You can now log in using SSO from the Anypoint Platform login page via your organization’s domain. This domain is available on your user profile page.
When the permission scopes change for an approved connected app, an organization administrator must approve the new set of scopes.
January 24, 2020
Anypoint Platform now includes an External Access feature that serves as the foundation for improved cross-organization collaboration such as the sharing of assets.
October 18, 2019
This release of Access Management provides increased security and development capabilities via the Connected Apps feature.
The Connected Apps feature enables you to delegate access to apps without sharing sensitive credentials or giving third parties full control of their accounts. You can audit the app’s use of data, and you can revoke access anytime.
With this release, developers can create apps that use a Sign in with Anypoint Platform widget. When users interact with this widget, they can authorize apps to access their Anypoint Platform information.
Actions taken by apps are audited. Note that some products do not currently include client IDs in this release of the Connected Apps feature.
April 20, 2019
These are the enhancements and new features for Access Management:
A VPN counter is added under Business Group settings to allow a fine-grained allocation of purchased VPNs within your organizations.
Audit log dates now display a timestamp for a year.
When configuring an external identity provider, users can now disable server certificate validation. See Configure OpenID Connect Client Management.
Enablement of non-SSO users for your organization allows organization administrators to invite and authenticate users outside of the external SSO configured for your organization.
Organization administrators can enable and disable automapper capability for Flow Designer under the organization settings in Access Manager. See the Flow Designer documentation for more information.
You can enable client deletion in Anypoint Platform, which allows deletions of clients within Anypoint Platform. See Configure OpenID Connect Client Management.
You can enable client deletion and updates in IdP, which allows updates and deletions of external clients in the configured IdP through an outbound call made by Anypoint Platform. To use this feature, you should opt-in to client deletion within Anypoint Platform.
The Audit Log screen and a downloadable CSV file now include environment names for events from API Manager, Runtime Manager, CloudHub, Partner Manager, and MQ.
August 25, 2018
MuleSoft supports using Salesforce Identity as a SSO (single sign-on) provider with the OpenID Connect protocol. Salesforce is a certified OpenID Provider.
Deleted federated users are no longer able to sign in from the SSO login page. Organization administrators must re-enable deleted users before they can continue operations on Anypoint Platform.
You can’t create a Business Group name using special characters. Only the following characters are valid:
Existing Business Groups whose names contain special characters aren’t affected.
November 18, 2017
Access Management v0.29.0 enables external Anypoint users to create client applications on public API portals. These external users will be shown under a New tab for external users in the Users section of the Access Management UI. This release also includes infrastructure changes that improve platform performance.
October 7, 2017
Access Management v0.27.0 supports identity providers, such as Okta, that are compliant with the OpenID Connect Dynamic Client Registration protocol for API Client Management. You can now use these providers to protect API Gateways through a generic access token enforcement policy. This release also includes infrastructure improvements to help with performance. For more information, see the client management documentation.
June 24, 2017
Access Management v0.23.1 enhances the user experience for configuring external identity forms through tooltips and form validation mechanisms. It provides several infrastructure improvements. MuleSoft has also validated our OpenID Connect SSO solution with Okta, OpenAM, and Ping Federate.
May 6, 2017
Access Management v0.22 supports OpenID Connect-compliant identity providers (IdPs) for Single Sign On to Anypoint Platform. Through a new UI for external identity configurations, this release also brings the client UI configuration forms for PingFederate and OpenAM into the platform.
Deprecated Features or Functionality
The process for OAuth client management configuration is now self-serve through forms made available in the External Identity section of Access Management. The Google forms for OpenAM and PingFederate configuration are now deprecated.
January 14, 2017
Access Management v0.18 adds a no CAPTCHA reCAPTCHA verification step in our sign up process.
November 19, 2016
October 22, 2016
Access Management v0.16 allows Organization administrators and Audit Log Viewers to view entitlement changes to their organization from the Audit Logs UI.
Additionally, Access Management now supports Ping Federate v22.214.171.124 for External Identity.
September 24, 2016
Access Management v0.15 improves the user invitation experience and allows users to accept organization invitations with an existing Anypoint username.
If a user has different usernames associated with an email address and receives an invitation to a new organization, the user is now given the option to accept the invitation with any one of her existing accounts, thereby associating the selected username with this new organization.
If the selected username is already associated with another Anypoint organization, the user is then given the option to detach this username from the existing organization. If she is the only user in that org, she is also given the ability to delete that organization, as usernames must remain unique across all Anypoint organizations. At any stage in the invite process, she can always choose to create a new username.
August 27, 2016
The Access Management V0.14.0 release makes minor improvements to Anypoint Platform’s notifications about your Trial subscription period.
If you are in your 30-day trial period, you can see the expiration date under the Subscription section in the Access Management UI. After your trial period expires, your account will be converted to a “Free” subscription tier where you will lose the ability to deploy apps and APIs along with other Enterprise functionality within Anypoint Platform.
You will still be able to log in to your account.
June 25, 2016 Release
May 14, 2016 Release
Access Management V0.12.0 is a minor release that makes the Audit Logs UI a GA functionality. Using this UI, users can query and filter audit logs.
Features and Functionality
Audit Logs UI for Anypoint Platform: Changes made by users within an Anypoint Platform organization are logged through an audit logging service. You can now access the data logs through the Audit Logs UI under Access Management or by leveraging the Audit Logging Query API. See Audit Logs.