Provisioning protocol or authorization mechanism in Anaplan
Hello
We’re currently evaluating a solution deployed on Anaplan for our company and we have some questions regarding authorization considering that we’ll be using SAML2 for the authentication part. More specifically,
- Is it possible to detect access right using SAML claims in Anaplan?
- If not, do you have some user provisioning API, one supporting the SCIM protocol for example, so that we could automatically manage user accesses instead of depending on manual management through the platform?
Answers
-
Hello,
I'm a functional user, so I'm pretty sure I don't understand your question... but figured I'd chime in to learn.
Here's what I do know:
User settings can be imported and exported via the API in the same way any other Anaplan data can be imported & exported (i.e. via the calling of Anaplan import/export definitions).
With the above in mind, we can accomplish the following via automated (integration) processes:
- Set security by loading changes via an Anaplan Import definition
- Obtain an Anaplan Model's security settings via an Anaplan Export definition. (in this sense, I don't think SAML has any special ability or access to detect access rights... it would have to be done by exporting user access and consuming it somehow)
The only interaction SAML will have (from a security administration standpoint) is authenticating into Anaplan. Once logged into Anaplan, user access within the Anaplan Application itself is defined within Anaplan (not via single sign-on). In this context, I don't think there's any way to influence security otherwise via SAML.
Let's see if we get some other replies.
Regards,
Paul
0 -
Thank you Paul.
As it is a technical question, I have just create a ticket to the Anaplan's support.
Regards
Cathy
0 -
Cathy -
I'm just following-up on this topic... Did you receive the information from Anaplan Support that you needed?
Functionally speaking Paul is correct. At present, we typically configure Anaplan Modules, Actions, and Processes to inherit changes from a customer's identity management systems. There is a design example on the App Hub.
Please do head over to the Idea Exchange on Community and let us know if this is a feature/capability that would be useful to you.
Ernie
0