Quick Inquiry
Table of Contents
Revision History
Table of Contents
Introduction
Pre-Requisites
Setup :
Creating App in Okta
Getting Business group Id on Anypoint Platform
Configuration on Anypoint Platform
Getting Anypoint login URL
Access the Anypoint Platform
Introduction
MuleSoft Anypoint Platform supports Single Sign On (SSO) SAML 2.0 and OpenID Connect to configure identity providers.
This document elaborates on how we can set up Identity Management for the MuleSoft Anypoint Platform using Okta with SAML 2.0.
Pre-Requisites
The following are the prerequisites for integrating the MuleSoft Platform with Okta
-
Access permissions to create an application and perform administration in Okta
-
Organizational administration permissions in Anypoint Platform.
Setup :
Creating App in Okta
-
Login in to Okta and go the Applications
-
Click on the Create App Catalog Integration button to create a new Application.
Getting Business group Id on Anypoint Platform
-
Now we need the organization-id of the Anypoint Platform.
-
Login to Anypoint Platform, go to Access Management.
-
Go to the Business group tab, Click on the Master Organization.
-
And now goto settings, copy and save the business group ID.
Okta Configuration
-
Now we need to prepare an Audience URI, populate business group ID in the following url. {business-group-id}.anypoint.MuleSoft.com
-
URL should look like this :-
e13bd5c9-5f3f-412c-820b-712a21f91b62.anypoint.MuleSoft.com
-
Now, under the Attribute Statements section, we need to fill firstName, lastName and email mapping as shown below.
-
Click on the next button.
-
On this Okta Support page, fill in any details and click on the finish button.
-
Now, An application is created in Okta
-
Now, Scroll down and Click on the View Setup Instructions.
-
On this page, we can find all the required configuration values needed to set up on MuleSoft Anypoint Platform.
-
In the Assignments click on the assign and assign the user to your application
Configuration on Anypoint Platform
-
Login to Anypoint Platform.
-
Go to Access Management.
-
Click on the Identity Provider tab.
-
Click on Add Identity Provider and click on SAML 2.0.
-
Now, Provide the Name [ suggested ‘SAML Identity Management Provider’ ]
-
Provide the ‘Provider Single Sign-On URL’ from Okta.
-
Under ‘Sign Off URL’, provide the following url.
-
Provide the Issuer value from Okta.
-
Provide the Public key from Okta.
-
And for the Audience field, prepare the following url. {business-group-id}.anypoint.MuleSoft.com And it should look it this -
e13bd5c9-5f3f-412c-820b-712a21f91b62.anypoint.MuleSoft.com -
Under Single Sign-On Initiation field, Choose Both if sign on initiation should be possible from both Okta and Anypoint Platform.
-
Click on the Advanced Settings and provide the firstName, lastName and email as shown below.
-
Click on the Save Changes button.
-
Now, Configurations for Anypoint Platform are done.
-
Again click on the name of the identity provider we configured now to open it.
-
Assertion Consumer Service (ACS) URL must be generated, copy this and save this.
Configuration on Anypoint Platform
-
Now, Go to the Applications we created on Okta.
-
Go to General Tab and click on the Edit button under SAML settings.
-
Click on Next.
-
Update the Single sign on URL with the Assertion Consumer Service (ACS) URL we copied from the Anypoint Platform.
-
Scroll down, click next and finish this update.
-
Okta configuration is also done.
Getting Anypoint login URL
-
On the Anypoint Platform
-
Go to Access Management, Go to identity provider.
-
Copy the login url as shown below.
-
Open the login url.
-
Click on the login with SAML Identity Management Provider.
Access the Anypoint Platform
-
Provide Okta Credentials and login.
-
You should be able to successfully login to Anypoint Platform.
Select SAML 2.0 and click Next
Provide the App name.
Upload the logo for the Application [ OPTIONAL ]
Click next
Provide the following Sign On url (this url will be changed later, it is done here just to complete the application setup and to generate the certificate and other required values.)
https://anypoint.MuleSoft.com/accounts/login/receive-id