Anaplan uses a Multipurpose Internet Mail Extension (MIME) Protocol. Which means only the email address that you grant access to the tenant will be permitted to access it. You can authenticate one of two ways, either a basic authentication (email and password) or by using a CA Certificate.
The same email can be used in multiple tenants provided the email was granted access to the same.
Most customers, for security reasons, use a system email and assign a CA Certificate.
Thanks for the reply @JaredDolich. Here's what I'm trying to get at. I'm a partner vendor (Census) with an application that would like access to an Anaplan user's tenant. Let's pretend I have 2 customers that are also Anaplan customers. Coca-cola and GE (firstname.lastname@example.org and email@example.com). They each belong to their company's separate Anaplan tenants.
I'd like to use the Oauth 2.0 Access Code Grant flow to allow Bob and Jane to allow my App to access their data in each of their different tenants.
I see the instructions for creating an Oauth 2.0 Client: https://help.anaplan.com/0984a799-a667-4e70-8759-a134be32f48c-Create-an-OAuth-2.0-client But what I don't understand yet, is if I create an Oauth 2.0 client in my tenant (Census), can I use that same Oauth 2.0 client for Bob and Jane in order for me to get access tokens that access Bob and Janes data in their tenants? Or do I need to have Bob and Jane create their own Oauth 2.0 clients in their own tenants?
I'm fairly certain you have to establish the Oauth client on the "Source" tenant so it can provide you the correct token. Each user has their own security, even if they're workspace administrators and access is granted at the user level. I'm also fairly certain your ability to reach into Anaplan will be limited to the API 2.0 endpoints.
Since this is a relatively new feature, I would suggest sending a note to firstname.lastname@example.org and have them give you a definitive answer.
Glad you brought this up. I had no idea it even existed. This line here suggests to me that you have to establish the client on the source tenant.