1. Administration and security
  2. Administration
  3. Self Service SAML
  4. Add a new identity provider connection
  5. Advanced SAML settings

If you require special configurations of your single sign-on (SSO) instance, use the Advanced tab in Self Service SAML.

The advanced settings for Self Service SAML require advanced familiarity with SAML protocols. 

In the Advanced tab, you can configure the following settings:

The Advanced tab for a Single Sign-On connection. The tab displays the Advanced options with default values.
SettingTypeDescription
Name ID Formatdrop-down listOptions include:
Email Address
Transient

Unspecified
If you use a value other than Email Address, you need to specify an Attribute Mapping value.
Attribute Mappingtext inputIf the Name ID Format is set to use a value other than Email Address, Anaplan uses the Attribute Mapping value. This value defines the metadata attribute that contains the email address Anaplan uses for validation.
Note: If the Name ID Format value is Email Address, do not change the default Attribute Mapping value. 
Force AuthntoggleWhen enabled, the identity provider (IdP) must authenticate the user again, if required during the session and even if the user is already authenticated.
AllowCreatetoggleThis setting controls how the authentication process responds when a user does not exist in the identity provider (IdP) but exists in the service provider site.  
When enabled, users can go through a registration process that automatically enables them to enroll within the identity provider’s portal.
When disabled, users who are not registered with the IDP portal fail and must contact the administrator for access.
By default, this setting is disabled.
Comparisondrop-down listSpecifies the level of assurance. Options include:
Exact
Better
The default value is Exact.
Context Classtext inputDefines the level of protection to associate with the Comparison value.  For details, see SAML protocols.