Single Sign on security enhancement

Single Sign on security enhancement

We got a requirement recently to limit access to single sign-on setting. At the moment all administrators are able to deactivate this for themselves at any given moment and effectively skip all security controls. We believe that not all admins should be able to do this. In companies which have more builders (for example 25) you may find some 'regular' developers who are just building their models and some people who are also responsible for overall governance (COE team). I'd suggest that SSO should be changed at Tenant administrator level as only limited amount of admins have access to it and it could be easily controlled there. We are not even able to see in history who and when did the change (it appears under blank model change) so the only way to control it is to export Users tab every day to keep track on all changes, which is quite tedious process. Moreover, currently administrator can turn SSO off for himself which should not be possible at all. I suggest it works exactly the same way as administrator (admin can't revoke his admin privileges and needs another admin to do this) so additional person will be needed to do that action. It should slightly increase SSO security.
5 Comments
Community Manager
 
Status changed to: Your support is needed
Contributor

Hi Matthias, you might want to look at a similar post from Ernie_Goff https://community.anaplan.com/t5/Idea-Exchange/Add-default-Security-Admin-and-Data-Admin-roles-to-su...

and add Kudos to this to try and help it gain enough support to be picked up by the Anaplan development team.

Cheers, Andrew.

Regular Contributor
 
Status changed to: Under Investigation
Super Contributor

Thank you for your idea submission. After careful review with our internal product teams on your idea, we have unfortunately decided this does not fit on our roadmap. We understand this can be frustrating. We appreciate you taking the time to submit your suggestions, and encourage you to continue to do so in the future. If you have any concerns, don't hesitate to reach out to the Anaplan Team through here or Community@anaplan.com.

Status changed to: Not Planned
New Contributor

We plan to enhance the Tenant Administration Self Service SAML feature to include the ability to assign exception users (users that can bypass SSO).  Only Tenant Security Administrators would have the authorization to apply this setting and it means that WSA's can no longer have that control. 

Status changed to: Considered for Future Roadmap
Users Online
Currently online: 68 members 539 guests
Please welcome our newest community members: