OAuth 2.0 and Anaplan Connect using Device Flow
This is a newbie question. I am new to Anaplan and this community so if this question has already been answered elsewhere please feel free to direct me to the link where I can find more information.
We are about to start an Anaplan project in a couple of weeks and I have started to do some research on setting up Anaplan Connect for data integrations on a linux machine in our organization which acts as a file transport and communication server with external networks.
I don't have access to an Anaplan workspace yet but from what I can tell by reading the setup manual there seem to be three authentication options in Anaplan Connect - Basic Auth, Certificate Auth (plain and jks), and OAuth 2.0. I would rather not use Basic Auth. My organization uses InCommon as their Certificate provider which does not appear to be supported by Anaplan (in addition, I think we can only request SSL certificates which also don't seem to be supported by Anaplan Connect). So I think I am left with OAuth 2.0.
It sounds like I need to use device flow (since the data integration scripts will likely be scheduled and hence will not involve user interaction with a browser). However, the OAuth 2.0 client creation instructions mention device flow for OAuth 2.0 is disabled if SSO is enabled. I know we want to use SSO to authenticate our users to Anaplan so I think we will enable SSO. I was also told exception users can be created in Anaplan.
I have two questions:
- Will we have to create an exception user (not authenticated by SSO) in Anaplan and create an OAuth 2.0 client as this user to be able to use device flow so that the Anaplan Connect scripts installed on our linux machine within our network can communicate with Anaplan?
- If OAuth 2.0 clients can only be created by tenant administrators, does the exception user in (1) need to be a tenant administrator?
I will appreciate any help experts on this group can provide.