Identity Management and Client Management with MuleSoft

Jitendra Bafna
Another Integration Blog
3 min read · Mar 16, 2023

Identity Management

MuleSoft allows you to set up Identity Management in Anypoint Platform to enable single sign-on (SSO) for users. An organization can have up to 25 external identity providers (IdPs) configured for SSO. Identity Management in Anypoint Platform can be enabled using one of the options below:

📌 SAML 2.0
📌 OpenID Connect (OIDC)

SAML stands for Security Assertion Markup Language. It is designed to authenticate users, to carry identity data used for access control, and to define how that identity data is communicated. SAML is an XML-based open standard for transferring authentication and authorization data between two parties, the Identity Provider (IdP) and the Service Provider (SP).

  • The Identity Provider performs the authentication and transfers the user's identity to the Service Provider.
  • The Service Provider trusts the Identity Provider and authorizes the user to access the requested resources.

SAML uses XML as its identity data format and plain HTTP or SOAP as the transport mechanism.

OpenID Connect extends OAuth 2.0. The OAuth 2.0 protocol provides API security via scoped access tokens, and OpenID Connect provides user authentication and single sign-on (SSO) functionality.

Supported SAML 2.0 Providers
📍 OKTA
📍 Ping Federate
📍 Salesforce
📍 OpenAM
📍 Other SAML 2.0 providers such as Auth0, OneLogin, etc.

Supported OpenID Connect Providers
📍 OKTA
📍 Ping Federate
📍 Salesforce
📍 OpenAM
📍 Other OAuth/OpenID Connect providers such as Auth0, OneLogin, etc.

MuleSoft provides functionality to configure Single Sign-On, allowing users to log in to Anypoint Platform using SAML 2.0 or OpenID Connect (OIDC).

MuleSoft supports SSO, which lets users authenticate against an Identity Provider (IdP) rather than obtaining and using a separate username and password. Once the IdP authenticates a user, it informs Anypoint Platform, which in turn lets the user access the applications without signing in with Anypoint Platform credentials.

Video Tutorials for enabling Identity Management with Anypoint Platform

SAML 2.0 using OKTA

OpenID Connect using OKTA

OpenID Connect using AWS Cognito

Client Management

Anypoint Platform acts as a client provider by default, and it allows you to configure up to 25 external client providers to authorize client applications. MuleSoft also allows you to configure API policies that authorize the HTTP requests coming from those clients.

MuleSoft allows you to configure multiple client providers and associate them with different environments. Multiple client providers can be associated with one environment, and the same client provider can be associated with multiple environments.

Anypoint Platform allows you to configure the client providers below.

📌 PingFederate
📌 OpenAM Version 1.4
📌 Dynamic Client Registration with OAuth providers that conform to the OpenID Connect Client Registration 1.0 specification.
📌 Windows Azure for DCR
📌 OAuth providers such as OKTA, Auth0, AWS Cognito, etc.

MuleSoft provides API policies for validating the token carried by each incoming request:

📌 OAuth 2.0 Access Token Enforcement Using Mule OAuth Provider Policy (only visible in API Policies after configuring Dynamic Client Registration in Access Management)
📌 JWT Validation Policy

OAuth 2.0 grant types include Client Credentials, Authorization Code, Implicit, Refresh Token, Resource Owner Password Credentials, etc.

MuleSoft supports connecting a Mule client app, via the HTTP Connector Request operation, to a service that requires any of the following types of authentication over HTTP:

📌 Basic Authentication
📌 Digest Authentication
📌 NTLM Authentication
📌 OAuth 2.0 Authorization Code grant type authentication
📌 OAuth 2.0 Client Credentials grant type authentication
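The two halves described above, the provider that issues tokens for the Client Credentials grant (the client authenticating to the token endpoint with HTTP Basic, one of the HTTP Requester authentication types listed) and the API policy that validates the token before a request reaches the API (what a JWT Validation or access token enforcement policy checks: algorithm, signature, issuer, audience, expiry, scope), are modelled below in plain Python. This is an added example, not code from the original post and not MuleSoft's implementation; the issuer URL, audience, signing key, client id and secret are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values: not real Anypoint, OKTA or Auth0 settings.
ISSUER = "https://auth.example.test"            # hypothetical token issuer
AUDIENCE = "orders-api"                         # hypothetical API identifier
SIGNING_KEY = b"demo-hs256-key-not-for-production"
TOKEN_TTL = 300                                 # seconds
# Constructed client registry, as a client provider would hold it.
CLIENTS = {"orders-client": {"secret": "s3cret", "scopes": {"orders:read"}}}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict) -> str:
    """Mint an HS256 JWT (header.payload.signature)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def token_endpoint(headers: dict, form: dict, now=None):
    """Mock OAuth provider: Client Credentials grant, client authenticates with HTTP Basic."""
    now = now if now is not None else int(time.time())
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return 401, {"error": "invalid_client"}
    try:
        client_id, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
    except Exception:
        return 401, {"error": "invalid_client"}
    client = CLIENTS.get(client_id)
    # Constant-time secret comparison; do not reveal whether the id or the secret was wrong.
    if client is None or not hmac.compare_digest(client["secret"], secret):
        return 401, {"error": "invalid_client"}
    if form.get("grant_type") != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    requested = set(form.get("scope", "").split()) or client["scopes"]
    if not requested <= client["scopes"]:          # never grant more than registered
        return 400, {"error": "invalid_scope"}
    claims = {"iss": ISSUER, "sub": client_id, "aud": AUDIENCE, "iat": now,
              "exp": now + TOKEN_TTL, "scope": " ".join(sorted(requested))}
    return 200, {"access_token": sign_jwt(claims), "token_type": "Bearer", "expires_in": TOKEN_TTL}


def validate_jwt(token: str, required_scope: str, now=None):
    """The checks a JWT validation policy performs; returns (ok, reason_or_subject)."""
    now = now if now is not None else int(time.time())
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
    except Exception:
        return False, "malformed"
    if header.get("alg") != "HS256":               # pin the algorithm; rejects "none"
        return False, "bad_alg"
    expected = hmac.new(SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return False, "bad_signature"
    if claims.get("iss") != ISSUER:
        return False, "bad_issuer"
    if claims.get("aud") != AUDIENCE:
        return False, "bad_audience"
    if now >= claims.get("exp", 0):
        return False, "expired"
    if required_scope not in claims.get("scope", "").split():
        return False, "insufficient_scope"
    return True, claims["sub"]


def enforce(request_headers: dict, required_scope: str, now=None):
    """Policy entry point: 200 with the subject if the Bearer token passes, else 401 with the reason."""
    auth = request_headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "missing_token"
    ok, detail = validate_jwt(auth[7:], required_scope, now)
    return (200, detail) if ok else (401, detail)


def client_credentials_flow(client_id: str, secret: str, scope: str, now=None):
    """Client side: Basic-authenticate to the token endpoint and return the access token, or None."""
    basic = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    status, body = token_endpoint({"Authorization": f"Basic {basic}"},
                                  {"grant_type": "client_credentials", "scope": scope}, now)
    return body["access_token"] if status == 200 else None


if __name__ == "__main__":
    tok = client_credentials_flow("orders-client", "s3cret", "orders:read")
    print(enforce({"Authorization": f"Bearer {tok}"}, "orders:read"))
```

The `now` parameter exists so expiry can be tested deterministically; in a real deployment the policy would also fetch the verification key from the provider (JWKS for RS256 rather than a shared HS256 secret) and allow a small clock skew on `exp`.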

Video Tutorials for enabling Client Management with Anypoint Platform

MuleSoft as an OAuth Provider

MuleSoft and AWS Cognito

MuleSoft and OKTA

MuleSoft and Auth0

Full playlist of videos on Identity and Client Management with OKTA, AWS Cognito, Auth0, Salesforce, Box, MuleSoft as an OAuth provider, etc.
https://youtube.com/playlist?list=PL5GwZHHgKcuA0UY2IMd3xUr2T_-oeUPeg


I am Jitendra Bafna, working as a Senior Solution Architect at EPAM Systems and currently leading APIN Competency Center.