Author: Vikas Parikh
Objective
Once MuleSoft RTF (Runtime Fabric) is installed on the underlying infrastructure (AWS / Azure / customer-hosted environment), Ops Center is accessible through the admin credential available in the logs. However, that single set of credentials then has to be shared with the entire team. This could be a security issue, so what is required is integration with an IDM (such as Google) so that every team member can sign in to the Ops Center with their own credentials.
For the purposes of this document, RTF is installed on an AWS environment.
Prerequisite
- RTF installed on AWS as per the guide: RTF installation for AWS
Google Integration
Google Set up
- Go to https://console.developers.google.com/
- Select the dropdown in front of Google APIs at the left. It will open up all the projects under your domain.

- Click ‘New Project’ at the top right
- Provide Project Name: apisero-rtf-ops-center

- Click ‘Create’
- Project will be created. Select the project and configure the OAuth consent screen as below:
– We will allow only internal users (users belonging to hosted domain – apisero.com)

- Click Create
- Under OAuth Consent Screen, configure below:
Application Name: Apisero RTF Ops Center
Application logo: Mulesoft
Authorized domains: apisero.com
- Click Save
- Navigate to ‘Credentials’ -> Create Credentials

- Click OAuth Client ID Key
- Configure parameters as below:
Application Type: Web Application
Name: Apisero RTF Ops Center
Authorized redirect URIs: https://<rtf-controller-public-dns>:32009/portalapi/v1/oidc/callback

- Click Create
- The OAuth client should now be created. Copy the client ID and secret.

Ops Center Set up
- Log in to Ops Center as per earlier Step #6
- Navigate to user name → settings

- Click ‘Auth Connectors’ and then ‘+ Create’
- Apply below connector configuration
kind: oidc
version: v2
metadata:
  name: Google
spec:
  redirect_url: "https://<rtf-controller-public-dns>:32009/portalapi/v1/oidc/callback"
  client_id: "<id>.apps.googleusercontent.com"
  client_secret: "<secret>"
  issuer_url: "https://accounts.google.com"
  scope: [email]
  claims_to_roles:
    - {claim: "hd", value: "apisero.com", roles: ["@teleadmin"]}
- Only Google users whose hosted domain (the hd claim) is apisero.com, i.e. all Apisero users, will be able to sign in to the Ops Center, and they will be provisioned with the @teleadmin role

- Click ‘Save’
- Click Log out
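
The following is an added illustration, not part of the original guide and not Ops Center source code. It shows how a claims_to_roles rule on Google's hd claim decides who receives a role, including the case of a consumer Google account, whose ID token carries no hd claim. The function name roles_for and the sample claims are hypothetical, and the ID token's signature and expiry are assumed to have been verified already.

```python
# Added illustration: evaluating the connector's claims_to_roles rule against
# already-verified ID token claims. Not Ops Center code; roles_for is a
# hypothetical helper and all sample claims below are constructed.

CONNECTOR = {  # mirrors the connector spec above; client_id is a placeholder
    "issuer_url": "https://accounts.google.com",
    "client_id": "<id>.apps.googleusercontent.com",
    "claims_to_roles": [
        {"claim": "hd", "value": "apisero.com", "roles": ["@teleadmin"]},
    ],
}


def roles_for(claims, connector=CONNECTOR):
    """Return the roles granted to verified ID token claims.

    An empty list means no rule matched and the login must be rejected.
    """
    # Google issues tokens with either form of the issuer value.
    issuer = connector["issuer_url"]
    if claims.get("iss") not in (issuer, issuer.removeprefix("https://")):
        return []
    # The token must have been issued to this OAuth client.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if connector["client_id"] not in audiences:
        return []
    granted = []
    for rule in connector["claims_to_roles"]:
        value = claims.get(rule["claim"])  # None when the claim is absent
        values = value if isinstance(value, list) else [value]
        if rule["value"] in values:  # exact match only, no suffix matching
            granted.extend(r for r in rule["roles"] if r not in granted)
    return granted


# Constructed sample claims (not real tokens).
BASE = {"iss": "https://accounts.google.com", "aud": CONNECTOR["client_id"]}
WORKSPACE_USER = {**BASE, "email": "dev@apisero.com", "hd": "apisero.com"}
CONSUMER_USER = {**BASE, "email": "someone@gmail.com"}  # no hd claim at all
OTHER_DOMAIN = {**BASE, "email": "dev@example.org", "hd": "example.org"}
WRONG_CLIENT = {**WORKSPACE_USER, "aud": "other.apps.googleusercontent.com"}

if __name__ == "__main__":
    for name, c in [("workspace", WORKSPACE_USER), ("consumer", CONSUMER_USER),
                    ("other domain", OTHER_DOMAIN), ("wrong client", WRONG_CLIENT)]:
        print(f"{name:13} -> {roles_for(c) or 'denied'}")
```

Because the rule matches on hd rather than on the email address, an account outside the apisero.com organization receives no role and is denied.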
Login with Google
- Go to the login page of the Ops Center
- A ‘Login with Google’ button now appears on the sign-in screen

- Click ‘Login with Google’
- You will be redirected to the Google login screen
- Select the Apisero login account

- Enter the correct password and hit Next

- The Ops Center dashboard appears, showing the email ID of the logged-in Google user (Apisero domain)

- Google integration concludes here
- Optionally, you can delete the ‘default’ admin user (created as part of the RTF installation setup) by navigating to user → settings → Users → admin@runtime-fabric → Actions → Delete

With this, you will no longer be able to log in to Ops Center with the standard user.
The only login option will be to log in with Google.