Configuring GovCloud SAML SSO

Date de publication: Oct 9, 2025

Étapes

Once you have open a case with support you will need to upload the following information about your SSO. Work with Identity Provider Admin to get the information.

Sign On URL* :
Sign Off URL* :
Issuer* :
( In the case of Salesforce IDP "EntityID" in the IDP metadata is same as Issuer.)
Public Key* :
Audience* :
(arbitrary string that identifies your Anypoint Platform organization. Typical value for this string is <organizationDomain>.gov.anypoint.mulesoft.com. Entity ID in the case of Azure)

(Optional)
Username Attribute :
(NameID attribute from the Subject block is used in the SAML assertion if left empty)

First Name Attribute :
(firstname attribute is used in the SAML assertion if left empty)

Last Name Attribute :
(lastname attribute is used in the SAML assertion if left empty)

Email Attribute :
(email attribute is used in the SAML assertion if left empty)

Group Attribute :

If no optional attributes are submitted, then you must send "email", "firstname", "lastname" in the attribute claims. Once all the necessary information is provided we can then process with your SSO configuration.

If a signing certificate is needed for single logout or encrypted SAML assertion:
https://docs.mulesoft.com/access-management/conf-saml-sso#generate-a-new-key

Other Useful Information

The ACS URL
Please note that the assertion consumer service (ACS) URL is generated when when MuleSoft configures the external IDP on MuleSoft side. This will be shared with you and you need to update at IDP side
- By default -https://gov.anypoint.mulesoft.com/accounts/login/:org-domain/providers/:providerId/receive-id.
  For all new configurations please use above URL. Please note :org-domain and :providerId are just placeholders for actual values.
- If encryption is not required it can work with either above or previous legacy url https://gov.anypoint.mulesoft.com/accounts/login/receive-id).
For Azure AD please use this article
- https://help.mulesoft.com/s/article/Configuring-Anypoint-Platform-as-an-Azure-AD-Service-Provider-SP

Salesforce IDP
- How to Configure Salesforce as a SAML Identity Provider
- In Salesforce EntityID entry is the Audience in MuleSoft IdP.

Troubleshooting:
- Error Insufficient Privileges when using Salesforce IdP SAML SSO With Anypoint Platform

Numéro d’article de la base de connaissances

001117140

Cet article a-t-il résolu votre problème ?

Dites-nous ce que nous pouvons améliorer !

Configuring GovCloud SAML SSO

GOAL

DOCS

Other Useful Information

For Azure AD please use this article

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List