Oauth 2.0

I’m trying to understand if I can use Oauth 2.0 as a way of allowing Anaplan users to provide access to their Anaplan tenants to a 3rd party application.

Can I create a single Oauth client in my tenant, and have Anaplan users from other tenants go through the Authorization code grant flow?

Or is an Oauth client only meant to be used for just the users within a single Anaplan tenant?

Accepted answers

All comments

JaredDolich

@n8

Anaplan uses a Multipurpose Internet Mail Extension (MIME) Protocol. Which means only the email address that you grant access to the tenant will be permitted to access it. You can authenticate one of two ways, either a basic authentication (email and password) or by using a CA Certificate.

The same email can be used in multiple tenants provided the email was granted access to the same.

Most customers, for security reasons, use a system email and assign a CA Certificate.

Hope that helps.

Thanks for the reply @JaredDolich. Here's what I'm trying to get at. I'm a partner vendor (Census) with an application that would like access to an Anaplan user's tenant. Let's pretend I have 2 customers that are also Anaplan customers. Coca-cola and GE (bob@cocacola.com and jane@ge.com). They each belong to their company's separate Anaplan tenants.

I'd like to use the Oauth 2.0 Access Code Grant flow to allow Bob and Jane to allow my App to access their data in each of their different tenants.

I see the instructions for creating an Oauth 2.0 Client: https://help.anaplan.com/0984a799-a667-4e70-8759-a134be32f48c-Create-an-OAuth-2.0-client But what I don't understand yet, is if I create an Oauth 2.0 client in my tenant (Census), can I use that same Oauth 2.0 client for Bob and Jane in order for me to get access tokens that access Bob and Janes data in their tenants? Or do I need to have Bob and Jane create their own Oauth 2.0 clients in their own tenants?

JaredDolich

@n8

I'm fairly certain you have to establish the Oauth client on the "Source" tenant so it can provide you the correct token. Each user has their own security, even if they're workspace administrators and access is granted at the user level. I'm also fairly certain your ability to reach into Anaplan will be limited to the API 2.0 endpoints.

Since this is a relatively new feature, I would suggest sending a note to Support and have them give you a definitive answer.

Glad you brought this up. I had no idea it even existed. This line here suggests to me that you have to establish the client on the source tenant.

epeterson320

Any definitive answer for this? I'm also in a position where I'd like to develop a third-party app that lets users from different tenants each grant access to their own data.

ryan_kohn

I'd recommending reading through this 3-part article on OAuth in Anaplan: https://community.anaplan.com/t5/How-To/Start-Here-OAuth-Part-1-The-Basics/ta-p/131489

If you're already familiar with OAuth and are looking specifically for information on third-party applications, you can skip right to Part 3.

coraparks

Hi All,

I was wondering what our callback url should look like? Where would I find this documentation?

Thanks!

Quick Links

Can you help?

Unanswered questions

Dimensionality Issue
Hi ALL, In my model, I have Need stored at a 'D3' RS Group level. I need to use this Need in another module at the G5 Location level. I currently have a mapping module where each G5 Location maps to a D3 RS Group. This Module uses D2 Role as dimension. but the line item I've to find the RS Group (Find D3 RS Group = 'FIND…
Formula to return Connection details...
I couldn't find any formula to do this, but I want a way to put on the page/grid the connection details. This is so I know what connection I'm in rather than going into Connections details to see it. Is there an XL3 formula to return this value?
Postman/Anaplan - message "404, Not found"
Hi all, I, as an Anaplan workspace administrator, am working together with a Fabric team to export data from Anaplan to Fabric via Anaplan API and Postman. We have a problem where all Anaplan exports are visible in Postman but when trying to connect to SOME of them, we get message "404, Not found". Below screenshot showing…