Anaplan REST API Authentication with SSO

Does anyone have experience with making get and post calls against the Anaplan API after implementing SSO (SAML 2.0)?

Before we setup SSO, I was able to pass my "username:password" credentials in Base64 to authenticate against the Anaplan REST API and make get + post calls successfully.

Now, when I pass the same credentials I get a bad response from the REST API. I've spoken with my internal network admin and it sounds like setting up a service account is the best solution?

Can anyone confirm if this is true or not?

Accepted answers

All comments

AnalyticWrnglr

Jason,

I know it's been a while since you posted this message. However, is the user you're trying to auth against an "exception user"? If not, this is a requirement in order for a non-sso user to come in the front door making connect and/or API calls. As there really isn't a way to auth via SSO easily.

Thanks!

-Reg

jesse_wilson

Just an additional note, we currently support only basic and certificate authentication, which require authenticating directly with our platform. Token auth. is on the roadmap, but no plans for SSO authentication at this time as far as I'm aware.

Thanks,
Jesse

AnalyticWrnglr

Certificate based auth is absolutely the best way to go, regardless of SSO integration. Super easy, secure and very flexible.

jesse_wilson

This is very true, certificate authentication is the best way to go. We have a few articles in the community that provide steps for using certificates if you're using a connector that doesn't natively support importing your certificate, or a custom API solution.

https://community.anaplan.com/t5/Knowledge-Base/Certificate-Authorization-Using-the-Anaplan-API/ta-p/27818

I would strongly advise using Python, or something similar to decode and encode the certificate so you're not plugging your certificate information into an online encoding/decoding tool. Attached is a snippet of the Python code I use for this purpose.

anaplan_cert_encoding_32020.zip

s9urom

Jesse,

Do you know when will the SSO authentication for API be supported as a formal integration pattern. From a security prespective, SSO authentication is more fool-proof than certificate based authentication and management of users is more federated than having a need to setup an external user.

Ravi.

jesse_wilson

Hi Ravi,

As far as I'm aware, this isn't on our roadmap. I'm confirming with the product manager now, and will update once I have a response.

Thanks

jesse_wilson

Hi Ravi,

I just got back a message from the product owner on this. SAML is for web sessions, but not APIs. We are considering adding OAuth on the roadmap, but must implement a few architectural changes before that can happen.

Thanks

Quick Links

Can you help?

Unanswered questions

Predefaulting A Feild in ANAPLAN
Hello Anaplan Community, I have a special requirement from a customer and would appreciate your input. Let me explain the situation: We have a hierarchy with three levels: Level 1, Level 2, and Level 3. Screen 1: Creation of Level 1 Items On this screen, the user selects a team. Based on their selection, an action runs to…
Looking for Anaplan End-Users to take a short survey!
We are looking for Anaplan end-users to provide feedback on their experiences with the Excel add-in. Interested individuals will respond to this 5-minute survey to help us understand personal needs and behavior when using the add-in. The feedback provided by survey takers is essential to the roadmap of Anaplan's products.…
CERTIFICATION BADGES - ANNOUNCEMENT
Anaplan Champions! The Community team just posted this announcement that certification badges may not be showing up on your profile probably until next year. Rest assured, you will get credit once you complete and pass the exams. https://community.anaplan.com/t5/Blog/Badges-Back-Soon/ba-p/123385