anaplan.com login page should support SSO

anaplan.com login page should support SSO

Description of enhancement: The login page at anaplan.com should provide options for SSO (Single Sign On) users to log in

 

Why enhancement is required: Users who require SSO may still go to anaplan.com and assume they can log in. They'll try various passwords, eventually locking themselves out. There is no indication that SSO is never going to work from this page. User and admin frustration escalates.

 

Why this is a security problem: In fruitless attempts to log in, uers will try password that are for non-anaplan services, thus sending valid credentials to anplan which could be logged or abused.

 

Possible implementation: Anaplan knows your IDP based on your email address, so it has the information required to send you to the right place. The only piece that is missing is the UI. There are many options other providers use, such as the following:

 

  • A "Login with SSO" button is shown on the username/password page. When clicked, it takes you to a page where you can put in your email address. Once input, it does an SP initiated login for your specific IDP.

 

  • On the existing username/password page, once the email address is specified an ajax call is made to determine if the user has SSO enabled, and if so does an SP initiated login rather than allowing a password.

 

 

2 Comments
Community Manager
 
Status changed to: Your support is needed
Certified Master Anaplanner
Users Online
Currently online: 353 members 572 guests
Please welcome our newest community members: