If you require special configurations for your single sign-on (SSO) instance, use the Advanced tab in Self Service SAML.

The advanced settings for Self Service SAML require advanced familiarity with SAML protocols. 

In the Advanced tab, you can configure the following settings:

SettingTypeDescription
Name ID FormatDropdown listOptions include Email Address, Transient, or Unspecified. If you use a value other than Email Address, you must specify an Attribute Mapping value.
Attribute MappingTextIf the Name ID Format is set to use a value other than Email Address, specify the metadata attribute containing the email address Anaplan uses for validation.
Note: If the Name ID Format value is Email Address, don't change the default Attribute Mapping value.
Force AuthnToggleWhen enabled, the identity provider (IdP) must authenticate the user again if required during the session, and even if the user is already authenticated.
AllowCreateToggle

Controls how the authentication process responds when a user doesn't exist in the identity provider (IdP) but exists in the service provider's site.

  • If enabled, users can go through a registration process that automatically enables them to enroll in the identity provider’s portal.
  • If disabled, users who aren't registered with the IDP portal fail, and must contact the administrator for access.

By default, this setting is disabled.

ComparisonDropdown listSpecifies the level of assurance. Options include Exact, Better, or None. The default value is Exact.
Context ClassTextDefines the level of protection to associate with the Comparison value. For details, see SAML protocols.