Ability of supporting different unique identifier (NameID) for SAML authentication

Ability of supporting different unique identifier (NameID) for SAML authentication

Description:

Ability of supporting different unique identifier (NameID) for SAML authentication.

Example of enhancement:
Customer can set the unique identifier while configuring SAML for Anaplan.

Benefit/impact:
Some organisations have a unique identifier that is different from the email address as the email address can change for different reasons.
Currently, when there is a change to the preferred name in Workday for example, it changes the email address (NameID) for SSO and as a result the SSO stops working because Anaplan uses email as unique identifier.

6 Comments
Community Boss
 
Status changed to: Considered for Future Roadmap
New Contributor

We would really want to change the unique identifier in Anaplan to be something other than the email address for all users, not just for SAML authentication. Otherwise if a user email address changes, which can happen for various reasons, the user has to be reset up again in Anaplan.

New Member

Email address as a NameID has been deprecated in SAML since SAML 2.0 was released... in 2005.  And for very good reasons of user management.  Come join us in the 21st century!

Regular Contributor
 
Status changed to: On Roadmap
New Contributor

Hi,

I have an important client who signed with Anaplan on the basis of an authentication based on the employee ID, not on the email address. With this client, all editors (Workdate, Microsoft, ...) use the employee ID for the SSO. Some publishers have had to make changes to their product in order to meet this requirement. For our part, is any change planned for this year?

New Contributor

This is available as part of our new Self Service SAML feature released earlier this year.  Within the next few months, we will be migrating customers using Anaplan's existing SSO Server to the new Self Service SAML framework.  Once migrated, customers may use attributes other than the email address in the Name_ID format, as long as they indicate where in the SAML response the customers' email address is located.  We still require this attribute to properly map that user to our record of that user in our tables.

Status changed to: Delivered
Users Online
Currently online: 334 members 1,097 guests
Please welcome our newest community members: