top of page



Anypoint Platform Single Sign-on (SSO) SAML Configuration with Oracle IDCS - PART 2

Our last article was about how to integrate MuleSoft Anypoint Platform with Oracle Identity Cloud Services. With this, you can use Oracle IDCS as your Identity Provider. This is very useful for Single Sign-On purposes, and if you already have Oracle Cloud Infrastructure and you are using MuleSoft to integrate it with Oracle SaaS apps, this alternative for SSO should be a good fit for you.

In our last article, we mentioned that we would have a second part where we explain how to map attributes, such as

  • Email

  • First name and Last name

  • Telephone Number

  • Groups

  • Etc

Your users are part of Oracle Identity Cloud Services. Some of those users need to enter to MuleSoft Anypoint Platform to perform different activities, like

  • Design APIs

  • Browse Exchange

  • Deploy Applications

  • Manage your organization

But you don’t want to assign those roles directly on MuleSoft, you want to have that information coming from your Identity Provider; at the end that is the place where you create your users and assign groups. So, it is natural to think that the user is already assigned to groups that can be mapped to your MuleSoft roles. Once the users log in to MuleSoft, through the Identity Provider and it Authenticates/Authorizes them, and finally are able to get into MuleSoft, the expectation is that the users are already assigned to their roles and start working with their duties.

Well, that is something that you can configure between MuleSoft and Oracle IDCS.

Let’s get back to the IDCS console and create a group:

We just need to click on the Add button and create a group:

We are naming the user: CloudhubAdminSbx, and giving a brief description. Then click on Next and let’s assign a user:

In this case, it is me: Then just click on Finish.

What we have done is to create a new group (take a note of the name because we will use it later to map it inside MuleSoft Anypoint Platform), and we are assigning a user to it.

Now let’s get back to our Application inside IDCS (the one we configured in our previous article), to map attributes and groups. Let’s do it.

In the Attribute configuration, click on it and you will see something like this:

Your table may be empty and you will need to add the needed attributes, in my case:

  1. email

  2. firstname

  3. lastname

  4. Groups

Those are the attributes that will be sent from IDCS to MuleSoft inside the SAML assertion and MuleSoft will map into its attributes. Take a look at the names, and get back to MuleSoft Anypoint Platform console to the Access Management menu: