About connie.j

Hi David:  this unique ID is an option in the SAML configuration where customers can send the unique ID in the SAML response as long as they include the user's email address somewhere in that response.  Anaplan will consume the SAML response and extract the user's email address to identify that user in our own data store.   Certain customers want to use something other than email address in the NAMEID Format section of the SAML configuration, which we support, again, as long as they specify where in the SAML response the email address is located. ... View more

we have "Allow Lists", which represent allowable IP address ranges, as part of our roadmap. ... View more

MFA is a feature on our roadmap. ... View more

Centralized identity management is a significant roadmap initiative.  It includes the ability to create/update/delete/de-activate users, and assign and remove them to and from workspaces within the Administration application.  Only User Administrators (new role) will be able to perform this function.  Workspace administrators will no longer be able to perform these tasks once this initiative is released. ... View more

We will implement this segregation as part of our Centralized Identity Management initiative, which introduces a new role called the User Security Administrator role.  Only users with this role can create/update/delete/de-activate users and assign them to/from workspaces.  Once this feature is available, Workspace Administrators will no longer be able to create/delete/add/remove users into their models/workspaces.  They will only be able to assign them model level security.  The users will appear in READ mode to the WSA.  Only User Administrators can remove these users from a workspace. ... View more

We will migrate WSA role assignment to the Administration application.  ONce this is done, a Tenant Administrator has full control over assigning the WSA role.  They will no longer be "locked out" if no user with WSA role exists in their tenant. ... View more

This issue should be addressed.  If a non-authenticated SSO user accesses a bookmark to Anaplan content, they will be redirected to Frontdoor with an option to login via SSO.  Once they click the "log in via SSO" link, they should be directed through the authentication process with their IDP, after which they will be re-directed to the bookmarked content. ... View more

This is available as part of our new Self Service SAML feature released earlier this year.  Within the next few months, we will be migrating customers using Anaplan's existing SSO Server to the new Self Service SAML framework.  Once migrated, customers may use attributes other than the email address in the Name_ID format, as long as they indicate where in the SAML response the customers' email address is located.  We still require this attribute to properly map that user to our record of that user in our tables. ... View more

We have a roadmap deliverable to support LDAP 2.0 compliant providers.  This requirement falls under that intiative. ... View more

SSO Links to Anaplan content are now supported. ... View more

We are planning to move this functionality from the model and surface it in Tenant Administration.  This means only Tenant Security Administrators are allowed to configure users for SSO (or for the ability to bypass SSO). ... View more

We plan to enhance the Tenant Administration Self Service SAML feature to include the ability to assign exception users (users that can bypass SSO).  Only Tenant Security Administrators would have the authorization to apply this setting and it means that WSA's can no longer have that control.  ... View more

Hi Henri:  the Class 1 will probably work:  can you please confirm with the provider that their cert will meet each of the requirements documented under "Certificate Requirements" in this document https://help.anaplan.com/anapedia/Content/Administration_and_Security/Tenant_Administration/Security/ProcuringCACertificates.htm   Thank you, Connie ... View more

Hi Henri: You can begin by contacting your IT or Security Operations organization to determine if your company already has an existing relationship with a CA or intermediary CA. If your organization has an existing relationship with a CA or Intermediate CA you can request a client certificate be issued for your integration user. If your organization does not have an existing CA relationship, then you would need to contact an Intermediary CA which has one of the supported Root CA's digitally signing the Intermediary CA's certificate. As you noted, there are many categories of certificates that a CA offers(for example: SAN certificates, wildcard certificates, code-signing certificates, and others). You should request a client certificate only. The process for procuring the certificate may take a few weeks for some validation that the CA must perform. We recommend you allow time for the procurement process. Once the CA issues the certificate file, follow their documented steps for making this file available in your environment. ... View more