Single Sign on security enhancement

We got a requirement recently to limit access to single sign-on setting. At the moment all administrators are able to deactivate this for themselves at any given moment and effectively skip all security controls. We believe that not all admins should be able to do this. In companies which have more builders (for example 25) you may find some 'regular' developers who are just building their models and some people who are also responsible for overall governance (COE team). I'd suggest that SSO should be changed at Tenant administrator level as only limited amount of admins have access to it and it could be easily controlled there. We are not even able to see in history who and when did the change (it appears under blank model change) so the only way to control it is to export Users tab every day to keep track on all changes, which is quite tedious process. Moreover, currently administrator can turn SSO off for himself which should not be possible at all. I suggest it works exactly the same way as administrator (admin can't revoke his admin privileges and needs another admin to do this) so additional person will be needed to do that action. It should slightly increase SSO security.
3 Comments
Community Manager
 
Status changed to: Needs Community Support
Contributor

Hi Matthias, you might want to look at a similar post from Ernie_Goff https://community.anaplan.com/t5/Idea-Exchange/Add-default-Security-Admin-and-Data-Admin-roles-to-su...

and add Kudos to this to try and help it gain enough support to be picked up by the Anaplan development team.

Cheers, Andrew.

Regular Contributor
 
Status changed to: Under Investigation
Users Online
Currently online: 146 members 460 guests
Please welcome our newest community members: