Reputation: 65
How to restrict access to anypoint platform public url
since anypoint platform url anypoint.mulesoft.com is publicly accessible anyone can access the resources. Is there anyway i can restrict access to my org users apart from creating access roles.
Can i create org specific url with org secific access so that others cant access?
Can put some network related restrictions?
Upvotes: 0
Views: 524
Answers (2)
Reputation: 367
As mentioned you are not able to change MuleSoft's main URL (ie https://anypoint.mulesoft.com), one option being to control from Access Management page, both mentioned by @aled
There are two main ways you can get what you need:
If your organization already has some MFA tool that requires you to be in your corporate VPN, you could use that MFA as the MFA for the Anypoint Platform e.g. Users will need Username/Password, connect to the VPN to be able to get access to the MFA generator/auth and then use that code to finish logging into the platform. As Admin in Anypoint Platform you can enforce EVERYONE to have MFA set up (keep in mind ClientApps authorization for your automation users)
If your company already has an Identity Provider you can configure identity management in Anypoint Platform to set up users for single sign-on (SSO). The fragments below extracted from the official docs external-identity:
After configuring identity management, you must add new SSO users using your external identity management solution and internal provisioning process. If you use the Invite User feature to add users to your organization after you have configured an identity provider, the credentials for these users are stored locally in your organization rather than with the identity provider.
Users that log in with SSO are new users to the system. If the new user has the same username as a user that already exists in your Anypoint Platform organization, the new user co-exists with the original user with the same username. Users with the same username are managed independently from one another.
Upvotes: 0
Reputation: 25802
I think you confusing two different things:
- Accessing a public URL (ie https://anypoint.mulesoft.com)
- Authorization inside your organization's account
You can not restrict access to a site that you don't own, it is publicly accessible and needs to be accessed by other users. It doesn't even make sense really. Would you attempt to restrict access by others to google.com or twitter.com (or their API URLs)? It is not the right approach and it is just not possible.
What makes sense however is to manage permissions inside your organization in Anypoint Platform. It means when an user belonging to your organization logs in you can manage what of the available roles are permissions that user will have. You can do that in the Access Management page. You can also create custom roles with specific permissions and teams to better organize your users.
Upvotes: 1
Related Questions
- How to get Anypoint Platform access token?
- Retrieve access from Request Connector in Mule Anypoint Studio
- How to Restrict Custom api access using AWS Cognito
- Anypoint CLI - runtime-mgr User unauthorized to access request resource
- How to configure CORS in Mule 4 without using API manager?
- I am trying to consume a SOAP service with an HTTPS url in Mule with AnypointStudio
- how to restrict HTTP requests for an application in Mulesoft?
- Mule Anypoint Platform 2.0 on premise
- How do I allow access to my Mule flow only for a particular set of IP addresses?
- How to set up MULE to accept incoming http calls only from "localhost"?