If you require special configurations for your single sign-on (SSO) instance, use the Advanced tab in Self Service SAML.
The advanced settings for Self-Service SAML require advanced familiarity with SAML protocols.
In the Advanced tab, you can configure the following settings:
| Setting | Type | Description |
| Name ID Format | Dropdown list | Options include Email Address, Transient, or Unspecified. If you use a value other than Email Address, you must specify an Attribute Mapping value. |
| Attribute Mapping | Text | If the Name ID Format is set to use a value other than Email Address, specify the metadata attribute containing the email address Anaplan uses for validation. Note: If the Name ID Format value is Email Address, don't change the default Attribute Mapping value. |
| Force Authn | Toggle | When enabled, the identity provider (IdP) must authenticate the user again if required during the session, and even if the user is already authenticated. |
| AllowCreate | Toggle | Controls how the authentication process responds when a user doesn't exist in the identity provider (IdP) but exists in the service provider's site.
By default, this setting is disabled. |
| Comparison | Dropdown list | Specifies the level of assurance. Options include Exact, Better, or None. The default value is Exact. |
| Context Class | Text | Defines the level of protection to associate with the Comparison value. For details, see SAML protocols. |
