Introducing Centralized Identity Management (CIM)

Community Boss

We’re excited to begin rolling out Centralized Identity Management (CIM). CIM is designed to empower administrators to manage all the users in their tenant from a single pane of glass, providing a high level of security and trust for users, data, and the environment.

CIM will be deployed in multiple phases. As of March 4, customers can now assign the User Admin role.

The ability for the User Admin to assign users to workspaces using the Administration UI will will be announced upon release as part of Phase 2.

The ability to add and remove users within the users tab of the workspace will be removed from the Workspace Administrator role in Phase 2 as well. Workspace Administrators will continue to be able to set model-level permissions within models.

If an individual set to Workspace Administrator needs to continue to add users to workspaces, they will need to be assigned the User Administrator role within Administration once the next phase is available. After that release, when a user is first added to a workspace, that users default access will be ”no access”. It is then the Workspace Administrator’s responsibility to define the model access for that newly added user.

While there is not a set date for Phase 2, we will provide more communication and detail as it approaches.  

Check out this Anapedia article for more information.

Screen Shot 2021-03-03 at 5.33.01 PM.png

Certified Master Anaplanner

What about those of us that already built an enterprise-level security model that our organization's Customer Support group uses to assign and manage complex security that is applied to the models?  I am very concerned that this will BREAK my security solution and the ability to have model user definitions assigned via an integration process from my custom built security model.

The way our process has successfully worked since 2015 is that a service account, assigned Workspace Admin role, runs these actions via AnaplanConnect processes. If that service account is assigned the User Admin role in Administration, will that account still be able to run actions to create/update users in models?  I am in need of a lot more details about this. 

Somebody needs to address this ASAP.  Will there be an ability to opt out of this feature?  I'm starting to freak out a little bit.  Please help me not freak out.

Stacey Gibbens

Master Anaplanner/Community Boss

@Stacey_Gibbens You're not alone.

This conversation may help you. @rob_marshall is taking the lead.




I have already reached out to Connie on your behalf and she will reply to you.




@Stacey_GibbensBulk import of users and their selective access will not be impacted by this feature. You will not need to assign the service account the User Admin role.  You will be able to continue to run your processes without modification.

Certified Master Anaplanner

@JaredDolich @rob_marshall @MelanieM Thanks for the feedback.  I really appreciate it.  I have to say, my blood pressure rose a bit yesterday afternoon.... it's back to normal now.  😉