OAuth 2.0

n8
New Contributor


I'm trying to understand if I can use OAuth 2.0 as a way of allowing Anaplan users to provide access to their Anaplan tenants to a 3rd party application.

Can I create a single OAuth client in my tenant, and have Anaplan users from other tenants go through the Authorization code grant flow?

Or is an OAuth client only meant to be used for just the users within a single Anaplan tenant?

 

JaredDolich
Moderator

@n8 

Anaplan uses a Multipurpose Internet Mail Extension (MIME) Protocol, which means only the email address that you grant access to the tenant will be permitted to access it. You can authenticate one of two ways, either a basic authentication (email and password) or by using a CA Certificate.

The same email can be used in multiple tenants provided the email was granted access to the same.

Most customers, for security reasons, use a system email and assign a CA Certificate. 

Hope that helps.


Jared Dolich
n8
New Contributor

Thanks for the reply @JaredDolich. Here's what I'm trying to get at. I'm a partner vendor (Census) with an application that would like access to an Anaplan user's tenant. Let's pretend I have 2 customers that are also Anaplan customers, Coca-Cola and GE (bob@cocacola.com and jane@ge.com). They each belong to their company's separate Anaplan tenants.

 

I'd like to use the OAuth 2.0 Access Code Grant flow to allow Bob and Jane to allow my App to access their data in each of their different tenants.

 

I see the instructions for creating an OAuth 2.0 Client: https://help.anaplan.com/0984a799-a667-4e70-8759-a134be32f48c-Create-an-OAuth-2.0-client But what I don't understand yet is, if I create an OAuth 2.0 client in my tenant (Census), can I use that same OAuth 2.0 client for Bob and Jane in order for me to get access tokens that access Bob and Jane's data in their tenants? Or do I need to have Bob and Jane create their own OAuth 2.0 clients in their own tenants?

 

JaredDolich
Moderator

@n8 

I'm fairly certain you have to establish the OAuth client on the "Source" tenant so it can provide you the correct token. Each user has their own security, even if they're workspace administrators and access is granted at the user level. I'm also fairly certain your ability to reach into Anaplan will be limited to the API 2.0 endpoints.

Since this is a relatively new feature, I would suggest sending a note to support@anaplan.com and having them give you a definitive answer.

Glad you brought this up. I had no idea it even existed. This line here suggests to me that you have to establish the client on the source tenant.

[Screenshot: JaredDolich_0-1639343255158.png]

 


Jared Dolich
epeterson320
New Contributor

Any definitive answer for this? I'm also in a position where I'd like to develop a third-party app that lets users from different tenants each grant access to their own data.

ryan_kohn
Certified Master Anaplanner

I'd recommend reading through this 3-part article on OAuth in Anaplan: https://community.anaplan.com/t5/How-To/Start-Here-OAuth-Part-1-The-Basics/ta-p/131489

 

If you're already familiar with OAuth and are looking specifically for information on third-party applications, you can skip right to Part 3.