Set the metadata

Self Service SAML uses metadata to populate your service provider details in the identity provider connection. The metadata includes information such as:

  • the sign-in and sign-out URLs
  • the X509 certificate you have registered with Anaplan
  • whether your connection is a signed connection

You can load your metadata from an XML file, or manually configure your metadata in your connection.

Note: Some identity providers do not support signed requests. If you create a new connection with a provider that does not support signed requests, your connection is treated as unsigned.

Screenshot: The Metadata tab in the Single Sign-On feature. The connection is named HumanResources. The Load from XML file option is selected, with a URL set to the appropriate identity provider XML file.

Load metadata from an XML file

  1. In the Metadata tab, enter a Connection Name.
    The connection name value:
    • should match the name of your connection in the identity provider interface
    • is limited to a maximum of 128 characters 
    • only supports alphanumeric characters and hyphens
    • cannot contain a space
    • must be unique
  2. Select Load from XML file.
  3. Enter the URL of the metadata XML file with your configuration information.
  4. Click Save to create the connection.

Manually configure your metadata

Note: Manual configuration of your connection metadata requires familiarity with SAML protocols.

  1. In the Metadata tab, enter a Connection Name.
    The connection name value:
    • should match the name of your connection in the identity provider interface
    • is limited to a maximum of 128 characters
    • only supports alphanumeric characters and hyphens
    • cannot contain a space
    • must be unique
  2. Specify the Sign-in URL.
    This value informs Anaplan where to direct requests to the IdP to confirm the user’s identity.  
  3. Optionally specify the Sign-out URL, so users log out of both your IdP and Anaplan at the same time. 
    If you do not specify a sign-out URL, then when users log out of Anaplan, the Anaplan session ends but the users remain logged in to your IdP.
  4. Specify the X509 Certificate URL with the certificate to use for your public key. 
  5. Select the Signed toggle to indicate whether the connection is a digitally signed connection that uses an X509 certificate. This is enabled by default.
  6. Click Save to create the connection.
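
A pre-flight check for the values used in both procedures above, as an added example that is not Anaplan's code: it parses a constructed SAML 2.0 IdP metadata document with the Python standard library, reports the sign-in URL, sign-out URL, certificate presence and signing flag, and applies the connection-name rules listed on this page (uniqueness cannot be checked offline). Reading `WantAuthnRequestsSigned` as the counterpart of the Signed toggle, the https requirement, the ASCII reading of "alphanumeric" and the function names are assumptions of the example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
NAME_RE = re.compile(r"[A-Za-z0-9-]{1,128}")  # name rules from this page (ASCII assumed)
# Constructed sample metadata; the host and certificate body are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/meta">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def valid_connection_name(name):
    return NAME_RE.fullmatch(name) is not None

def summarize_metadata(xml_text):
    """Return (summary, problems) for one IdP metadata document."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    idp = ET.fromstring(xml_text).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element found")
    sso = idp.find("md:SingleSignOnService", NS)
    slo = idp.find("md:SingleLogoutService", NS)
    certs = [c.text.strip() for c in idp.findall(".//ds:X509Certificate", NS) if c.text]
    summary = {
        "sign_in_url": sso.get("Location") if sso is not None else None,
        "sign_out_url": slo.get("Location") if slo is not None else None,
        "certificate_count": len(certs),
        "signed": idp.get("WantAuthnRequestsSigned", "false") in ("true", "1"),
    }
    problems = []
    if not summary["sign_in_url"]:
        problems.append("missing sign-in URL")
    for key in ("sign_in_url", "sign_out_url"):
        if summary[key] and urlparse(summary[key]).scheme != "https":
            problems.append(key + " is not https")
    if summary["signed"] and not certs:
        problems.append("signed requests wanted but no X509 certificate")
    return summary, problems
```

Calling `summarize_metadata(SAMPLE)` returns the extracted values together with an empty problem list; a non-empty list is a reason to review the file with the IdP administrator before saving the connection.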

Service Provider (SP) Information

Once you save the connection, the Administration Console creates the service provider information you use to provide your details to your IdP.