As a tenant administrator or user admin i need to be able to manage users authentication mode (sso or exception users) at workspace level instead of model level.
Currently this is managed at the model level with 2 consequences :
- inconsistency and session crash : if a user is sso enabled on one workspace and sso disabled in another, the user loging in using one method or the other will result in a crash error when trying to switch to a model not consistent with how the user is logged in
- security and governance : at a tenant level, we cannot audit easily whether all users are compliant with a "all users are sso" policy type (with the exception of visiting users having to be non sso).
This is requested so that anaplan s platform capabilities are aligned with users and security governance and compliance required from an enterprise wise platform solution