From 5e03e00fd0a7f6462680ae21f4795c865cd015c0 Mon Sep 17 00:00:00 2001 From: valkyrie69 Date: Thu, 14 May 2026 13:36:20 -0700 Subject: [PATCH 1/2] W-22454114 IP Allowlisting Connected Apps Note --- modules/ROOT/pages/mq-connected-apps.adoc | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/mq-connected-apps.adoc b/modules/ROOT/pages/mq-connected-apps.adoc index af91e957..06a38cc6 100644 --- a/modules/ROOT/pages/mq-connected-apps.adoc +++ b/modules/ROOT/pages/mq-connected-apps.adoc @@ -1,9 +1,13 @@ -= Configuring Connected Apps += Configuring Connected Apps for Anypoint MQ -The Connected Apps feature enables you to integrate external applications with Anypoint Platform by providing access to those applications without sharing your user credentials. +Connected apps provide secure, credential-free access to Anypoint MQ for external applications and Mule integrations. After creating a connected app in Access Management, use the generated client ID and secret to authenticate Anypoint MQ Connector in Anypoint Studio or to obtain an access token for the Anypoint MQ API. -When you create a connected app, Access Management lists the ID and secret for the app. -You use the ID and secret values when configuring Anypoint Connector for MQ (Anypoint MQ Connector) in a Mule app in Anypoint Studio. +[IMPORTANT] +==== +If your organization has IP allowlisting enabled for connected apps, you must either allowlist the outbound IPs of the runtime where your Mule app is deployed, or exempt the connected app from IP enforcement. Without one of these steps, token generation fails and your MQ flows stop processing messages. + +If your app runs on CloudHub without static IPs or on CloudHub 2.0 Shared Space, you must exempt the connected app. These deployment models use dynamic or shared IPs that can't be reliably allowlisted. For guidance on all deployment models and exemption steps, see xref:access-management::managing-ip-allowlists.adoc#configure-ip-allowlisting-connected-apps[Configure IP Allowlisting for Connected Apps]. +==== include::partial$mq-versions.adoc[tags=mqConnectorVersion] For information about upgrading, see xref:anypoint-mq-connector::anypoint-mq-connector-upgrade-migrate.adoc[]. From 77ad34e128f5b40d90eb0e9e05486bbadbc9586a Mon Sep 17 00:00:00 2001 From: valkyrie69 Date: Thu, 14 May 2026 13:52:25 -0700 Subject: [PATCH 2/2] tweak --- modules/ROOT/pages/mq-connected-apps.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/mq-connected-apps.adoc b/modules/ROOT/pages/mq-connected-apps.adoc index 06a38cc6..764cebe9 100644 --- a/modules/ROOT/pages/mq-connected-apps.adoc +++ b/modules/ROOT/pages/mq-connected-apps.adoc @@ -4,7 +4,7 @@ Connected apps provide secure, credential-free access to Anypoint MQ for externa [IMPORTANT] ==== -If your organization has IP allowlisting enabled for connected apps, you must either allowlist the outbound IPs of the runtime where your Mule app is deployed, or exempt the connected app from IP enforcement. Without one of these steps, token generation fails and your MQ flows stop processing messages. +If your organization has IP allowlisting enabled for connected apps, you must either allowlist the outbound IPs of the runtime where your Mule app is deployed, or exempt the connected app from IP enforcement. Without one of these steps, token generation fails and your Mule flows stop processing messages. If your app runs on CloudHub without static IPs or on CloudHub 2.0 Shared Space, you must exempt the connected app. These deployment models use dynamic or shared IPs that can't be reliably allowlisted. For guidance on all deployment models and exemption steps, see xref:access-management::managing-ip-allowlists.adoc#configure-ip-allowlisting-connected-apps[Configure IP Allowlisting for Connected Apps]. ====