Do you want to retain total control of your users through a centrally managed system?
Anaplan Single Sign-on (SSO) gives you the ability to place user authentication entirely under your control. This allows Anaplan users to navigate to a dedicated webpage and access the model directly rather than entering a username and password.
Anaplan fully supports SAML 2.0 for Single Sign-on (SSO). This includes password complexity policies, time-of-day access windows, two-factor authentication, and any other controls required by the customer’s security policies.
How do you get it set up for Anaplan?
Anaplan requires a technical resource, typically from IT, who knows the SSO setup at your organization. This resource should be able to answer questions about your instance (see the list of information required below).
Once you have collected the information, submit a ticket to firstname.lastname@example.org. The Anaplan Support team will work with you to create a test environment for SSO. After the test environment is validated, we can migrate this setup to your production SSO. Note: if the company allows users to have multiple emails, their Anaplan ID would need to be set up with their SSO email.
Required information (your IT department should know):
Identity Provider IdP URL
Public IdP certificate in Base64 format
Key size required = 1024 or 2048
Is the Digital signed AuthnRequest required (Yes or No)?
SAML Idp provider vender/type
Are you running multiple Idp servers
Any other non-standard SAML parameters
Anaplan will supply:
SAML SP URL
Anaplan public certificate / metadata
What if some users are not part of my company?
Anaplan users that are not part of your company (i.e. your Anaplan consultants) are known as “exception users”. Once SSO is setup, users flagged as exception users will continue to log in as normal through anaplan.com. The settings for exception users is found under the Users tab in Settings. By default, all users will have SSO selected. To enable exception users, un-tick the option for SSO: