Anaplan API — If SSO is disabled do CA Certs really help that much?

Highlighted
Occasional Contributor

Anaplan API — If SSO is disabled do CA Certs really help that much?

Hi All, 

 

I'm working on developing some best practices for our organization surrounding Anaplan API connections. I know Anaplan recommends using a CA Cert when connecting with the API, but I'm not able to find much guidance from Anaplan regarding API connections and SSO. I did find this thread where most users seem to be under the impression that SSO must be disabled to access the API, although one user claims to be able to connect via the API while SSO is enabled with limited ability to communicate between models in different workspaces. 

 

I understand why API connections using CA Certs are more secure. However, if SSO is disabled and anyone can log in to the user's account with a username/password — it seems that most of the risk with disabling SSO isn't mitigated by connecting with a CA Cert.

 

Am I missing something here?

 

 

 

 

2 REPLIES 2
Highlighted
Master Anaplanner/Community Boss

Re: Anaplan API — If SSO is disabled do CA Certs really help that much?

@brookec 

 

As far as I know if you are moving data across models but within a workspace you can have SSO enabled but if it is across workspaces then the API user has to be exception user (Non SSO enabled). Version 2.0 API will cater to the need of not having SSO enabled API user while doing integration across workspaces.

 

On benefits of CA certificate I will let @ben_speight  take charge

Highlighted
Master Anaplanner/Community Boss

Re: Anaplan API — If SSO is disabled do CA Certs really help that much?

@brookec 

@Misbah is absolutely right.

The only way you will get data in and out of Anaplan with a certificate is when SSO is turned off (exception user). 

The biggest benefit of a CA certificate is security. You don't have to save passwords, you don't have to reset the password, etc.. Very safe way to move data around and is best practice when it comes to data integration.

I think the CA certificates are rather inexpensive too. here's a whole list of them that will work.

@ben_speight is the expert though. He may have other perspectives.


Jared Dolich