Merge pull request #579 from mulesoft/W-16995377-external-client-providers-anypoint-client-fa

W-16995377-external-client-providers-anypoint-client-fa

Author: failup

modules/ROOT/pages/configure-multiple-credential-providers.adoc

@@ -6,7 +6,7 @@ endif::[]
 
 You can use multiple client providers, to help you enforce security and regulations in your business organization. These client providers, such as, OpenAM and PingFederate, enable you to secure your operational data, such as client credentials and access tokens. 
 
-You can use an Anypoint Platform native client provider (default) or configure an external client provider. To assign separate client providers for different organizations and environments, you must first enable client applications to be authorized using OAuth for the client providers that you want to implement in your organization.
+You can use an Anypoint Platform native client provider (default), configure an external client provider, or use both the Anypoint Platform native client provider with the external client provider. To assign separate client providers for different organizations and environments, you must first enable client applications to be authorized using OAuth for the client providers that you want to implement in your organization.
 
 API Manager 2.2.14 introduces multiple client identity provider (IdP) support, enabling your environment to use either the default Anypoint Platform native client IdP or one or more external client IdPs.
 
@@ -55,6 +55,8 @@ To secure your APIs, create one external client provider per environment. Assign
 
 Avoid using the same IdP in production and nonproduction environments. You can use the same IdP in multiple production environments or in multiple nonproduction environments.
 
+If you configure multiple client providers, both the native Anypoint Platform client provider and any external client providers can be used in the same environment.
+
 Before implementing multiple client providers, see the <<guidelines,guidelines>>.
 
 [[guidelines]]
@@ -73,18 +75,13 @@ You can then reassign the appropriate external client provider for that API.
 +
 ** Existing APIs in that environment continue to use the native Anypoint Platform client provider. 
 ** New APIs use the new external IdP.
-* You can use either the default native Anypoint Platform client provider or one or more external client providers. 
+* You can use either the default native Anypoint Platform client provider and one or more external client providers. 
 +
-After you assign an external client provider to an API, you can return to using the default native Anypoint Platform client provider by removing every provider from the environment in which the API belongs.
+There is no need to disable an external provider to use the native Anypoint Platform provider.
 * If you remove a client provider from an environment, all existing APIs and client applications using that client provider continue to work.
 * If you delete a client provider from the root organization, all existing APIs and client applications using that client provider default to the native Anypoint Platform client provider.
 +
 Even though contracts remain intact, policies that authorize against that provider fail because the configuration is deleted.
-* An API created in an environment with an assigned external client provider always uses the external client provider, not the native Anypoint Platform client provider. The following describes one workaround:
-+
-. Disable the external client provider for that environment.
-. Create an API that uses the native Anypoint Platform client provider.
-. Re-enable the external client provider.
 
 == Tasks for Implementing Multiple Client Providers Based on Roles