Anypoint Access Management Release Notes
In Organization settings and in Runtime Manager subscription information, the VPN counter is now named Network Connections. The Network Connections setting lets you allocate VPN connections and AWS Transit Gateway attachments within your organization.
Organizations created after August 19, 2021 automatically have multi-factor authentication (MFA) enabled for all users. Unless exempt, all user accounts in MFA-enabled organizations must use MFA to log in to Anypoint Platform. For more information on MFA auto-enablement rollout, see the knowledge article on MFA requirement.
Users who have not enabled multi-factor authentication (MFA) are prompted weekly to enable it until they do. MuleSoft recommends enabling MFA on all user accounts, preferably by requiring it for the entire organization, but using MFA remains optional.
The Teams feature provides improved user and permission management. Teams provides user grouping mechanisms in Anypoint Platform, which streamlines collaboration, reuse, and scalability. Use teams to:
Manage users and permissions across multiple business groups
Define permissions and then assign them to multiple users in one click
Set global permissions (for example, give everyone in your organization the Exchange Viewer permission)
Share Exchange assets with a specific group of users
Additionally, the Access Management navigation menu and user interface have been revamped to simplify navigation and permission management across business groups.
Enhancements and updates are available on an opt-in basis. You can continue using the old views after the Teams feature and user interface enhancements are released.
When you change your password, you can no longer reuse your previous three passwords.
If you are using an external identity provider, such as Okta or Salesforce, you can now map users in a federated organization’s OpenID Connect (OIDC) groups to roles in Anypoint Platform.
You can now enable multi-factor authentication (MFA) as a sign-in requirement across your entire organization.
MFA makes logging in to Anypoint Platform more secure.
You can now easily rotate SAML 2.0 SSO keys. You can generate a key or upload an existing public/private key pair.
You can now import SAML 2.0 metadata to configure your identity provider with Anypoint Platform.
You can now export service provider SAML 2.0 metadata to configure Anypoint Platform with your identity provider.
These are the enhancements and new features for Access Management.
Organization administrators can configure whether SAML SSO can be initiated by Anypoint Platform (service provider-initiated SSO), their external identity provider (identity provider-initiated SSO), or both.
You can now log in using SSO from the Anypoint Platform login page via your organization’s domain. This domain is available on your user profile page.
When the permission scopes change for an approved connected app, an organization administrator must approve the new set of scopes.
Anypoint Platform now includes an External Access feature that serves as the foundation for improved cross-organization collaboration such as the sharing of assets.
This release of Access Management provides increased security and development capabilities via the Connected Apps feature.
The Connected Apps feature enables you to delegate access to apps without sharing sensitive credentials or giving third parties full control of your accounts. You can audit the app’s use of data, and you can revoke access at any time.
With this release, developers can create apps that use a Sign in with Anypoint Platform widget. When users interact with this widget, they can authorize apps to access their Anypoint Platform information.
Actions taken by apps are audited. Note that some products do not currently include client IDs in this release of the Connected Apps feature.
These are the enhancements and new features for Access Management:
A VPN counter is added under Business Group settings to allow a fine-grained allocation of purchased VPNs within your organizations.
Audit log timestamps now include the year.
When configuring an external identity provider, users can now disable server certificate validation. Disabling validation removes the TLS protection against a spoofed identity provider endpoint, so use it only for testing against self-signed endpoints, never in production. See Configure OpenID Connect Client Management.
Enablement of non-SSO users for your organization allows organization administrators to invite and authenticate users outside of the external SSO configured for your organization.
Organization administrators can enable and disable automapper capability for Flow Designer under the organization settings in Access Manager. See the Flow Designer documentation for more information.
You can enable client deletion in Anypoint Platform, which allows deletions of clients within Anypoint Platform. See Configure OpenID Connect Client Management.
You can enable client deletion and updates in the IdP, which allows updates and deletions of external clients in the configured IdP through an outbound call made by Anypoint Platform. To use this feature, you must first opt in to client deletion within Anypoint Platform.
The Audit Log screen and a downloadable CSV file now include environment names for events from API Manager, Runtime Manager, CloudHub, Partner Manager, and MQ.
Deleted federated users are no longer able to sign in from the SSO login page. Organization administrators must re-enable deleted users before they can continue operations on Anypoint Platform.
You can’t create a Business Group name using special characters. Only the following characters are valid:
Existing Business Groups whose names contain special characters aren’t affected.
Access Management v0.29.0 enables external Anypoint users to create client applications on public API portals. These external users appear under a new tab for external users in the Users section of the Access Management UI. This release also includes infrastructure changes that improve platform performance.
Access Management v0.27.0 supports identity providers, such as Okta, that are compliant with the OpenID Connect Dynamic Client Registration protocol for API Client Management. You can now use these providers to protect API Gateways through a generic access token enforcement policy. This release also includes infrastructure improvements to help with performance. For more information, see the client management documentation.
Access Management v0.23.1 enhances the user experience for configuring external identity forms through tooltips and form validation mechanisms. It provides several infrastructure improvements. MuleSoft has also validated our OpenID Connect SSO solution with Okta, OpenAM, and Ping Federate.
Access Management v0.22 supports OpenID Connect-compliant identity providers (IdPs) for Single Sign On to Anypoint Platform. Through a new UI for external identity configurations, this release also brings the client UI configuration forms for PingFederate and OpenAM into the platform.
The process for OAuth client management configuration is now self-serve through forms available in the External Identity section of Access Management. The Google Forms previously used for OpenAM and PingFederate configuration are now deprecated.
Access Management v0.16 allows Organization administrators and Audit Log Viewers to view entitlement changes to their organization from the Audit Logs UI.
Additionally, Access Management now supports Ping Federate v188.8.131.52 for External Identity.
Access Management v0.15 improves the user invitation experience and allows users to accept organization invitations with an existing Anypoint username.
If a user has different usernames associated with an email address and receives an invitation to a new organization, the user is now given the option to accept the invitation with any one of her existing accounts, thereby, associating the selected username with this new organization.
If the selected username is already associated with another Anypoint organization, the user is then given the option to detach this username from the existing organization. If she is the only user in that organization, she is also given the ability to delete that organization, because usernames must remain unique across all Anypoint organizations. At any stage in the invite process, she can always choose to create a new username.
The Access Management v0.14.0 release makes minor improvements to Anypoint Platform’s notifications about your trial subscription period.
If you are in your 30-day trial period, you can see the expiration date under the Subscription section in the Access Management UI. After your trial period expires, your account is converted to a “Free” subscription tier, in which you lose the ability to deploy apps and APIs, along with other Enterprise functionality within Anypoint Platform.
You can still log in to your account.
Access Management v0.12.0 is a minor release that makes the Audit Logs UI generally available. Using this UI, users can query and filter audit logs.
Audit Logs UI for Anypoint Platform: Changes made by users within an Anypoint Platform organization are logged through an audit logging service. You can now access the data logs through the Audit Logs UI under Access Management or by leveraging the Audit Logging Query API. See Audit Logs.