If you require special configurations of your single sign-on (SSO) instance, use the Advanced tab in Self Service SAML.
The advanced settings for Self Service SAML require advanced familiarity with SAML protocols.
In the Advanced tab, you can configure the following settings:
| Setting | Type | Description |
| Name ID Format | drop-down list | Options include: Email Address Transient Unspecified If you use a value other than Email Address, you need to specify an Attribute Mapping value. |
| Attribute Mapping | text input | If the Name ID Format is set to use a value other than Email Address, Anaplan uses the Attribute Mapping value. This value defines the metadata attribute that contains the email address Anaplan uses for validation. Note: If the Name ID Format value is Email Address, do not change the default Attribute Mapping value. |
| Force Authn | toggle | When enabled, the identity provider (IdP) must authenticate the user again, if required during the session and even if the user is already authenticated. |
| AllowCreate | toggle | This setting controls how the authentication process responds when a user does not exist in the identity provider (IdP) but exists in the service provider site. When enabled, users can go through a registration process that automatically enables them to enroll within the identity provider’s portal. When disabled, users who are not registered with the IDP portal fail and must contact the administrator for access. By default, this setting is disabled. |
| Comparison | drop-down list | Specifies the level of assurance. Options include: Exact Better The default value is Exact. |
| Context Class | text input | Defines the level of protection to associate with the Comparison value. For details, see SAML protocols. |
