Steps to configure SAML SSO for Anaplan

About Anaplan

Anaplan is a cloud-based connected planning platform designed to enhance business performance through collaborative planning and real-time data analytics. Anaplan enables organizations to integrate various business functions—such as finance, sales, supply chain, and human resources—into a unified planning environment.

The following steps will help you enable SSO for Anaplan from Identity360.

Prerequisites

1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications.
2. Log in to Identity360 as an Admin, Super Admin, or Technician with a role that has Application Integration and Single Sign-on permissions.
3. Navigate to Applications > Application Integration > Create New Application and select Anaplan from the applications displayed.
   Note: You can also find Anaplan using the search bar located at the top.
4. Under the General Settings tab, enter the Application Name and Description.
5. Under the Choose Capabilities tab, choose SSO and click Continue.
   General Settings of SSO configuration for Anaplan
6. Under Integration Settings, navigate to the Single Sign On tab, click on Metadata Details. Copy the Login URL, Logout URL, and download the Signing Certificate.
   Integration Settings of SSO configuration for Anaplan

Anaplan (service provider) configuration steps

1. Log in to Anaplan as an administrator.
2. In the Administration page, navigate to Security > Single Sign-On.
3. Click New.
4. Under the Metadata tab, enter Identity360 as the Connection Name.
5. To configure the IdP, choose Manual Entry.
6. Paste the Login URL and Logout URL copied in step 6 of prerequisites in the Sign-in URL and Sign-out URL fields, respectively.
7. Under the IDP X509 Certificate field, click Choose File, and upload the Signing Certificate downloaded in step 6 of prerequisites.
8. Toggle to Signed to indicate if the connection is a digitally-signed connection that uses an X.509 certificate. This is enabled by default.
9. Go to the Advanced tab.
10. Choose Email Address for the Name ID Format.
11. Choose PasswordProtectedTransport as the Context Class.
12. Leave the rest of the fields under the Advanced tab at their default settings.
13. Click Save.
14. Once you save your SSO connection settings, Anaplan generates information for you to share with your identity provider as part of the configuration process. This includes an ACS URL. Copy the ACS URL, which will be used during Identity360 configuration.
15. Enable the connection by toggling the Enabled setting to on.
    Note: To specify Anaplan workspaces in your tenant that can use your IdP connection for SSO, click here.

Identity360 (identity provider) configuration steps

1. Switch to Identity360's application configuration page.
2. Enter the Tenant Name of Anaplan. You can find the tenant name in Anaplan's ACS URL, which you copied in step 14 of Anaplan configuration. For example, if the ACS URL is https://sdp.anaplan.com/frontdoor/saml/<TenantName>, the tenant name is the final part of the URL.
3. Enter the Relay State parameter, if necessary.
   Note: The Relay State is an optional parameter used with a SAML message to remember where you were or to direct you to a specific page after logging in.
4. Click Save.
   Integration Settings of SSO configuration for Anaplan
5. To learn how to assign users or groups to one or more applications, refer to this page.

Your users will now be able to sign in to Anaplan through the Identity360 portal.