2. Safe Harbour Statement
● Both the speaker and the host are organizing this meet-up in an individual capacity only. We are
not representing our companies here.
● This presentation is strictly for learning purposes only. The organizer and presenter do not take any
responsibility that the same solution will work for your business requirements.
● This presentation is not meant for any promotional activities.
3. Organizers
Fathima Farzana John Mathew Philip
NJC Labs NJC Labs
MuleSoft / Integration Developer MuleSoft / Integration Developer
4. Agenda
Users
• Creation
User Management
• Business Groups
• Teams
• MFA
• Identity Providers
• Connected Apps
• Audit Logs
Demo
• SSO
• MFA
5. Speaker
Shridharan Rajasekar
Senior Technical Lead
EY
About Speaker:
• 11+ years of Technical Experience.
• 5+ years of Experience in the Integration Domain.
• Certified MuleSoft Developer and Architect.
• Mule Meetup Speaker.
6. Users
● Essential for accessing the platform
● Org Administrator can enable, disable or delete the user
● User details are needed in:
○ Anypoint Platform Control Plane UI
○ Anypoint Platform CLI
○ Anypoint Platform REST APIs
○ Maven
○ Anypoint Studio
7. User Management
● Essential aspect of securing the platform
● Ensure only the needed permissions are provided to users
● The following platform components help in managing users:
○ Business groups
○ Teams
○ MFA
○ Identity Providers
○ Connected Apps
○ Audit Logs
8. Business Groups
● Way to separate and control access to Anypoint Platform resources
● Reside within the root organization
● Business Groups are in a hierarchy
● Limit of 100 per organization
● Can have multiple environments under each type
9. Teams
● Contain Users (Members and/or Maintainers) and Permissions
● Teams are in a hierarchy
● Default Team: Everyone at Master Organization
○ Can be used to assign Global Permission to all users (Existing/New Users)
● A user can be part of many teams
● Access can be directly provided to teams
● Existing Roles can be converted/merged to Teams
10. MFA
● Additional level of security for non-SSO users
● Org Admin can exempt specific service accounts (configured in REST API/Maven)
● Users must verify their credentials using at least one of the below 4 verification methods:
○ Third-party TOTP authenticator apps
○ Built-in authenticator
○ Security key
○ Salesforce authenticator
11. Identity Providers
● Authenticates username/password
● Default: Anypoint Platform
● Providers such as PingFederate, OpenAM and Okta are supported
● Can integrate up to 25 external IdPs at Master Org
● Options to integrate:
○ OpenID Connect
○ SAML 2.0
● Supports SSO
14. Connected Apps
● Framework to integrate external applications with Anypoint Platform using APIs
● Used in place of service accounts configured for Maven, Anypoint Platform REST API/CLI
● Actions performed are audited
● Org Admin will create and manage the access
15. Audit Logs
● Identity Access Violation
● Business Group Aware
● Requires Audit Log Viewer Permission
● Retained for 6 years
● Searchable
● Download
● User Interface
● Audit Log Query API
16. Recommendations
● Integrate with an external IdP
● Create groups and add members under the IdP directory
● Create teams, assign permissions and tag them with the groups present in the IdP
● Avoid using service accounts and use connected apps wherever possible
● If a non-SSO user account is being used, then configure MFA
● Monitor audit logs for any access violation
19. What’s next?
● Share:
○ Tweet using the hashtag #MuleSoftMeetups and #CalicutMuleSoftMeetups
○ Invite your network to join: https://meetups.mulesoft.com/calicut/
● Feedback:
○ Fill out the survey feedback and suggest topics for upcoming events
○ Contact MuleSoft at meetups@mulesoft.com for ways to improve the program