Based on customer feedback and to allow admins additional time to transition to new integration clients, Anaplan will be issuing a new Anaplan certificate on December 8, 2018. You will need to take action based on the integration client and authentication method you are using:
|Anaplan Connect 18.104.22.168 or lower||Anaplan Certificate||Yes|
|Anaplan Connect 1.4||CA Certificate||No|
|Informatica Anaplan Connector||Anaplan Certificate||Yes|
|Informatica Anaplan Connector||CA Certificate||No|
|Mulesoft 2.x||CA Certificate||No|
|SnapLogic 1.x||Anaplan Certificate||Yes|
|Boomi x.x||Basic Authentication||No|
|Tableau 1.0||Anaplan Certificate||Yes|
|Any client||Basic Authentication||No|
If your integration client and authentication method has a "Yes" in the "Action Required" column, then you must take action on December 8 to prevent disruption to your integrations.
By December 8, 2018 you have two options:
Anaplan is extending the deadline to migrate to Certificate Authority (CA) certificates to December 2019. In order to support this, on December 8, 2018, Anaplan will update our production certificate. This will replace validation for Anaplan certificates and existing Anaplan certificates will cease to work once this certificate has been issued.
This new certificate is intended to be used for existing clients on the legacy certificate authentication (such as Anaplan Connect 22.214.171.124). This certificate will not work on clients using the CA certificates (such as Anaplan Connect 1.4).
Although customers will now have two options to choose from, Anaplan recommends that customers update their integration clients to a version that supports Certificate Authentication 2.0 which uses a CA certificate.
Note that web login, web SSO, and basic authentication to integrations are not impacted by this event.
The current Anaplan certificate used by some customers for their integrations is set to expire in December. Customers who are impacted have been updating their clients to use CA certificates. However, we have received feedback that customers need more time to complete these updates and wanted to continue to use their existing clients. In order to support the existing clients, Anaplan will be issuing a new certificate on December 8, 2018 which can be used for certificate authentication. The benefit of this option is that customers can continue to use their existing clients and will have more time to update their clients to use CA certificates after December 2018.
Basic authentication does not use a certificate, meaning the certificate expiration doesn't impact you. You can continue to use whatever integration client that you are using today.
Customers who have already implemented a new integration client (such as Anaplan Connect 1.4 or Informatica Anaplan Connector) can avoid the impact of the certificate expiration by using Certificate Authentication 2.0 or basic authentication. These clients support this new type of authentication which requires customers to provide their own Certificate Authority (CA) certificate. This is the recommended route for customers as Certificate Authentication 2.0 is the expected and future method for using certificate authentications with Anaplan integration clients. As you will be using your own provided CA certificate, you are not impacted by the Anaplan-issued certificate expiration and cannot use the new Anaplan-issued certificate. However, you must implement before December 8, 2018.
You should download new certificate on December 8, 2018 and apply it to your integration client. Only after you download a new certificate and update your integration client will your integration continue to function. You can obtain this new certificate by generating it from the My Account page starting on December 8, 2018, following the planned maintenance window. You'll also be able to download additional certificates after this date.
To obtain a new certificate:
Your Integrations will run after making above changes. Every integration client will have different steps to apply a certificate.
Note: Some new integration clients, like Informatica Anaplan Connector, support both certificate authentication methods. If you use Informatica to integrate with Anaplan using certificates and are unable to switch to using a CA certificate at this time, you can obtain a new Anaplan-issued certificate on December 8, 2018, and use that with your Informatica integration.
This change only impacts certificate authentication with integration clients. Logging in to Anaplan via the web with standard login or SSO is not impacted. Integration authentication with basic authentication is also not impacted. The CA certificate that customers provide for Certificate Authentication 2.0 is not compatible with Certificate Authentication 1.0.
What is important is what version your integration client supports.
Certificate Auth. 1.0 (Anaplan certs)
Certificate Auth. 2.0 (CA certs)
|Anaplan Connect 126.96.36.199||X||X|
|Anaplan Connect 1.4||X||X|
|Informatica Anaplan Connector||X||X||X|
|Boomi 1.x||X||This version of the client never supported certificate authentication|
|Boomi 2.x||X||X||Boomi has informed Anaplan that this is scheduled for Q1 2019|
|SnapLogic 2.x||X||X||Snaplogic has informed Anaplan that this is scheduled for Nov 10|
|Tableau 2.x||X||X||This has not yet been released|
|Workiva||X||Workiva has confirmed that existing Anaplan integrations are not impacted|
|Docusign Integration||N/A||N/A||N/A||Docusign integration is not impacted|
Note: Consult individual user guides for any additional steps required to implement CA authentication with an individual connector.
Assuming that you are using a supported integration client, complete the following steps on December 8:
More information about API 2.0 can be found here: https://anaplanbulkapi20.docs.apiary.io/#
The new certificates issued on December 8, 2018 will expire after 1 year. However, the expectation is that you will use this time period to migrate to Certificate Authentication 2.0 as soon as you can. We are issuing this new 1.0 certificate in order to give customers the time to make the switch - all new development will be based on Certificate Authentication 2.0.
For example, Anaplan has recently released an API as part of the new Audit feature. This API has only ever supported Certificate Authentication 2.0.
Review our Certificate Expiration FAQs.
Do you have feedback or questions on the “Update to Integration Certificate Expiration” blog post? Share your thoughts on our Anaplan generated Certificates to expire Dec 10, 2018 Community thread.