1. Administration and security
  2. Security
  3. Single Sign-on (SSO)
  4. Assign Exception Users

When you assign a workspace to SSO, all users become SSO users by default. Once SSO is set up, exception users can log in using SSO or log in using the standard login mechanism at the Anaplan URL: https://sdp.anaplan.com/frontdoor/login.

Note: Your organization should only use exception users for:
  • users who run v2 and v1.3 APIs and authenticate using basic authentication
  • support situations
It's a best practice to keep the number of exception users to a minimum or instead use Certificate Authority authentication.

To assign a user as an exception user, clear the Single Sign-on checkbox for that user in the Users tab within Settings.

Warning: Once SSO is set up, users can only access Anaplan using SSO unless they are an exception user. We recommend that your organization assigns at least one exception user.
Your business must schedule an appropriate time to enforce SSO. It is essential that your organization educates end-users on accessing the Friendly URL. Note that the Friendly URL format has specific configuration requirements.

Enforce SSO Authentication

You can change the exception user access so the user account has to use SSO authentication. For example, you might designate a different exception user account in your organization and want the previous exception user to adhere to SSO authentication going forward.

If you need to enforce SAML SSO authentication for an exception user so that they can no longer use the standard login mechanism at the Anaplan URL:

  1. Click Settings > Users
  2. Select the Single Sign-on checkbox of the exception user user for which you want to enforce SSO.
  3. If you have more than one workspace, repeat this step for each workspace.
Note: This associates SSO with a model to which the user has access in the workspace. Once SSO is enforced for a user, they cannot log in with their user name and password at the Anaplan URL.

Troubleshoot display of the Single Sign-on checkbox

When you enable SSO authentication in your workspace, the Single Sign-on checkbox column may not immediately display.  If the checkbox column does not display, close the model and reopen it. 

To display the Single Sign-on checkbox column in your model after enabling SSO:

  1. Navigate to Model Management > Tasks.
  2. Close the model, then reopen it.
    The Single Sign-on checkbox column displays in the model.

To display the Single Sign-on checkbox column in all models in your workspace, have all your users logout from Anaplan to unload the models. If the Single Sign-on checkbox column does not display, contact Support.