In Anaplan, Single Sign-on (SSO) enables a user who is authenticated by a login other than the standard login mechanism at the Anaplan URL to access multiple systems and environments using a single web browser session, without needing to visit a login page for each system and environment.
As the Anaplan administrator for your organization, you can set up your environment for SSO access to Anaplan.com using the Security Assertion Markup Language (SAML) authentication protocol. Anaplan fully supports SAML 2.0 for SSO. This includes password complexity policies, time-of-day access windows, two-factor authentication, and any other controls required by your organization's security policy.
Anaplan is a service provider (SP) and your organization is an identity provider (IdP). The steps in this section assume that Anaplan is the service provider (SP) that initiates SAML authentication when the end user clicks the "friendly URL" that Anaplan provides.
Anaplan implements the standard SAML 2.0 framework with support for these behaviors:
A digital signature on the SAML authentication response (AuthnResponse) that is validated, with the message decrypted, if required.
1024-bit or 2048-bit keys.
HTTP REDIRECT SAML binding profile for IdP assertions.
SP Initiated SAML using HTTP REDIRECT (GET).
Support for federation server vendors including Microsoft ADFS, Okta, and Ping Federate.
The SAML framework provides optional attributes. Minimally, the timestamp attributes are validated. If additional validations are required, development work can be done outside of the standard SAML 2.0 framework.
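As an added illustration (not Anaplan's code) of what validating SAML timestamp attributes involves, this Python example checks the NotBefore and NotOnOrAfter attributes of a constructed SAML 2.0 assertion. Which elements Anaplan inspects is not stated here; the element choice, the 120-second clock-skew allowance and the function names are assumptions, and the signature is assumed to have been verified first.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SKEW = timedelta(seconds=120)  # assumed clock-skew allowance, not an Anaplan value


def parse_ts(value):
    """Parse a UTC xs:dateTime; some IdPs add fractional seconds, which are dropped."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def timestamp_errors(assertion_xml, now):
    """Return timestamp violations for an already signature-verified assertion.

    An empty list means the assertion is inside its validity window.
    """
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return ["missing Conditions element"]
    errors = []
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before is None or not_on_or_after is None:
        errors.append("Conditions lacks NotBefore/NotOnOrAfter")
    else:
        if now + SKEW < parse_ts(not_before):
            errors.append("assertion not yet valid")
        if now - SKEW >= parse_ts(not_on_or_after):
            errors.append("assertion expired")
    # Bearer confirmations carry their own expiry; a missing bound is rejected.
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        limit = scd.get("NotOnOrAfter")
        if limit is None or now - SKEW >= parse_ts(limit):
            errors.append("subject confirmation expired or unbounded")
    return errors


# Constructed sample assertion (not captured from any real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" IssueInstant="2024-05-01T12:00:00.250Z" Version="2.0">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2024-05-01T12:05:00.250Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z"/>
</saml:Assertion>"""
```

Rejecting an assertion outside its window limits how long a captured response can be replayed, which is why this check is treated as the minimum.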