Mulesoft - SSO Integration
This application has been formally tested by Kelvin Zero Inc.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Mulesoft, ensure you meet the following requirements:
- Mulesoft admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Mulesoft are registered in your IdP and have the necessary permissions to access Mulesoft.
- MPAS Admin rights
- Make sure that all users intended to use SSO in Mulesoft are registered in your IdP and have the necessary permissions to access Mulesoft.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Mulesoft - SSO configuration
Step 1 - Obtain Tenant XML Metadata from Multi-Pass (IdP)
- Open Multi-Pass Dashboard
- Select the correct tenant and go to Integrations, click on Applications
- Select SAML in the custom integration section
- Select Download under Tenant XML data and save the file locally
Step 2 — Configure Mulesoft as the Service Provider (SP)
- Log into Mulesoft as an Administrator
- Navigate to the Menu Button and select Access Management under Administration
- In the left menu select Identity Providers
- Select Add Identity Provider and choose SAML 2.0
- Under Import IdP Metadata click Choose file and upload the Tenant XML Metadata from Step 1
- Set the Name to
Multi-Pass - Under Audience type
<MULESOFT_SUBDOMAIN>.anypoint.mulesoft.com - Select Both under Single Sign-On Initiation
- Under Advanced Settings, populate the fields according to the table below
Advanced Settings
| Field | Value |
|---|---|
| Username Attribute | NameID |
| First Name Attribute | firstName |
| Last Name Attribute | lastName |
| Email Attribute | email |
| Group Attribute | Blank |
- Unselect Require encrypted SAML assertions
- Click Save Changes
- Scroll to the top of the page and download the Mulesoft Metadata file
Step 3 — Configure Multi-Pass as the Identity Provider (IdP)
- Open Multi-Pass Dashboard
- Select the correct tenant and go to Integrations, click on Applications
- Select SAML in the custom integration section
- Select Upload file and upload your Mulesoft Metadata
- Confirm/Complete the remaining fields based on the table below
General Settings (Multi-Pass)
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | <MULESOFT_SUBDOMAIN>.anypoint.mulesoft.com |
| Name | mulesoft |
| Description | Mulesoft SSO integration |
| Assertion Consumer Service URL | https://anypoint.mulesoft.com/accounts/login/<MULESOFT_SUBDOMAIN>/providers/6e596925-772b-4cc8-aed3-f73950493a8d/receive-id |
| NameID Policy Format | Username |
- Navigate to the Advanced Console by clicking on the right side of your screen
- Click on Client and use the search bar to look for Mulesoft
- Make sure all the fields are populated based on the below tables
Access Settings (Multi-Pass)
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://anypoint.mulesoft.com/accounts/login/<MULESOFT_SUBDOMAIN>/providers/6e596925-772b-4cc8-aed3-f73950493a8d/receive-id |
| IDP-Initiated SSO URL Name | <APP_NAME> |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | username |
| Force Name ID Format | OFF |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | ON |
| Sign Assertions | ON |
- Go to the Keys tab and ensure both parameters are set to OFF
- Go to the Advanced tab and set Assertion Consumer Service POST Binding URL to match the Valid Redirect URI
Adding Mappers
Configure User Property mappers to pass user attributes correctly:
- Click the Client scopes tab
- Select the first option in the list
- Click Configure a new mapper
- Select User Property and create the four User Properties listed below
First Name Mapper
| Field | Value |
|---|---|
| Mapper type | User Property |
| Name | firstName |
| Property | firstName |
| Friendly Name | Firstname |
| SAML Attribute Name | firstName |
| SAML Attribute NameFormat | Basic |
Last Name Mapper
| Field | Value |
|---|---|
| Mapper type | User Property |
| Name | lastName |
| Property | lastName |
| Friendly Name | lastname |
| SAML Attribute Name | lastName |
| SAML Attribute NameFormat | Basic |
Email Mapper
| Field | Value |
|---|---|
| Mapper type | User Property |
| Name | |
| Property | |
| Friendly Name | |
| SAML Attribute Name | |
| SAML Attribute NameFormat | Basic |
Username Mapper
| Field | Value |
|---|---|
| Mapper type | User Property |
| Name | username |
| Property | username |
| Friendly Name | NameID |
| SAML Attribute Name | NameID |
| SAML Attribute NameFormat | Basic |
Related Articles
D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Miro - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Miro using MPAS. SSO simplifies user authentication by allowing access to multiple ...Pipedrive – SSO configuration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Pipedrive using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...Checkpoint - SSO Configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Checkpoint using MPAS. SSO simplifies user authentication by allowing access to multiple ...BambooHR - SSO Configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Bamboo HR using MPAS. SSO simplifies user authentication by allowing access to multiple ...