- The document discusses the organization and business group settings and permissions in the Anypoint Platform. It covers how to invite users, assign roles, manage client IDs and analytics at the organization level. At the business group level, it discusses creating child business groups, assigning vCores, and navigating between groups. Roles control access to resources and APIs within an organization's business groups. Only admins can delete business groups.

1. Mule
Organization

2. • As an administrator of an Organization in the Anypoint Platform, there are several things you can configure for your entire organization such as:
• Invite users to your organization
• Assign users to roles to define their permissions in the platform
• Edit and remove users from your organization
• Configure organization settings
• Access your organization’s client ID and client secret, needed for configuring your API Gateway instances
• Access analytics for the APIs in your organization
• Create Business Groups to delegate the management of the resources within each of these and to easily delimit the scopes of roles and permissions.
As a Business Group owner, there are also several things to configure at Business Group level.

3. Organization Settings
• The Organization tab displays your organization name, which was
created when your organization was first provisioned. You can edit
this name by clicking the name. The original organization name
determines your organization’s portal domain. However, your portal
domain is independently editable as well. Adjusting the portal domain
affects the deep links to any existing API Portals in your organization.

4. Client ID and Client Secret
• Each organization has a client ID and a client secret that authenticate
it. These values are required for configuring an on-premises API
Gateway or for deploying proxies or APIs to an API Gateway hosted on
CloudHub.
• To obtain the values of these credentials for your organization, log in
to the Anypoint Platform as an administrator, click the gear icon at
the top-right and then select the Organization tab.

5. Manage the Master Organization’s Settings
• Organization Admin Only
• As an Admin of your organization, you can modify the organization’s
domain and the session timeout for its users. Access this menu by
clicking the Organization link in the left menu, and selecting the
organization name you want to modify.

6. • Even though multiple organizations can be created by different users
using the same company name, each organization has a unique
domain.
• Here you can also consult your organization’s Client Id and Client
Secret. These are useful if you want to use an API Gateway, as you
must register it with a specific organization. The Client Id and Client
Secret that belong to the Master Organization provide all of the
permissions from the Business Groups within it.

7. Exchange Settings
• Organization Admin Only
• You can handle the settings of your Organization’s private branch of
the Exchange, you can edit the Exchange owner’s information and
manage the number of items that your organization is able to expose
on it. The URL path is built based on the Domain Name that you set in
the organization’s settings.

8. Business Groups

9. Create a Business Group
• If you have an organization admin role and your organization is
enabled for Business Group support, you can create Business Groups
within your organization. Just select the Organization tab, and then
click the blue plus sign next to the Organization name or any Business
Groups in the tree diagram.

10. • You must select a name for it, and assign an existing user in the
Organization to be the Business Group Owner. You can also configure
whether this owner will have the ability to create his own Business
Groups branching below this one.
• You can assign some or all of the vCores that your organization owns
to any individual Business Group so that these can be used in the
CloudHub deployments that are grouped under it. You can assign
these when creating the Business Group, or you can also edit these
settings later.

11. Child Business Groups
• If so defined, the owner of a Business Group may be able to create
these independently and can even assign yet another user to be the
owner of one of its child Business Groups. The owner of a
parent Business Group will always have admin rights over any
child Business Group below it. Owners of child Business Groups can’t
access or affect anything on its parent Business Groups or the master
organization, this includes access to the parent Business Group’s
client ID and client secret.
• When creating a child Business Group within a parent one, only the
vCores that were assigned to the parent Business Group are eligible
for adding into the child.

12. Navigating Between Business Groups
• Once your organization has multiple Business Groups, you can easily
navigate between them through the menu on the top-right corner of
the screen. Switching between Business Group implies that the list of
available CloudHub deployments, the list of available APIs, and all of
the settings regarding users and roles will correspond to the currently
selected Business Group.

13. Creating Roles and Handling Membership to
Business Groups
• To obtain the membership to a Business Group, a user needs to be granted
a role within that Business Group. Members that are added to a Business
Group are then able to see this Business Group in the top menu and
navigate to it.
• Roles may exist at master organization level as well as at Business Group
level, these control different resources. APIs and CloudHub deployments
that belong to a Business Group can only be accessed by being granted
roles that belong to that Business Group, those that belong to the master
organization require roles at the master organization level. Additionally,
roles that belong to a Business Group can only grant access to APIs and
CloudHub deployments within that Business Group.
• When adding users to a role that belongs to a Business Group, any users in
the master organization are eligible.

14. Deleting Business Groups
• Only a user who owns an organization administrator role can delete
Business Group.
• No user can delete the root Organization.