Anaplan API — If SSO is disabled do CA Certs really help that much?
I'm working on developing some best practices for our organization surrounding Anaplan API connections. I know Anaplan recommends using a CA Cert when connecting with the API, but I'm not able to find much guidance from Anaplan regarding API connections and SSO. I did find this thread where most users seem to be under the impression that SSO must be disabled to access the API, although one user claims to be able to connect via the API while SSO is enabled with limited ability to communicate between models in different workspaces.
I understand why API connections using CA Certs are more secure. However, if SSO is disabled and anyone can log in to the user's account with a username/password — it seems that most of the risk with disabling SSO isn't mitigated by connecting with a CA Cert.
Am I missing something here?