What aspects of RBAC must ALWAYS be controlled from the Anypoint Platform control plane and CANNOT be controlled via the external Identity Provider?

Refer to the exhibit.

Anypoint Platform supports role-based access control (RBAC) to features of the platform. An organization has configured an external Identity Provider for identity management with Anypoint Platform.

What aspects of RBAC must ALWAYS be controlled from the Anypoint Platform control plane and CANNOT be controlled via the external Identity Provider?
A . Controlling the business group within Anypoint Platform to which the user belongs
B . Assigning Anypoint Platform permissions to a role
C . Assigning Anypoint Platform role(s) to a user
D . Removing a user’s access to Anypoint Platform when they no longer work for the organization

View Answer

Answer: B

Explanation:

* By default, Anypoint Platform performs its own user management

C For user management, one external IdP can be integrated with the Anypoint Platform organization (note: not at business group level)

C Permissions and access control are still enforced inside Anypoint Platform and CANNOT be controlled via the external Identity Provider * As the Anypoint Platform organization administrator, you can configure identity management in Anypoint Platform to set up users for single sign-on (SSO). * You can map users in a federated organization’s group to a role which also gives the flexibility of controlling the business group within Anypoint Platform to which the user belongs to. Also user can nbe removed from external identity management system when they no longer work for the organization. So they wont be able to authenticate using SSO to login to Anypoint Platform. * Using external identity we can no change permissions of a particular role in Mulesoft Anypoint platform. * So Correct answer is Assigning Anypoint Platform permissions to a role