Glossary of Key Terms: SSO

AuthnRequest: The outbound request from Anaplan to client.

AuthnResponse: The inbound request from client to Anaplan.

Exception User: A user that still able use the standard login mechanism at the Anaplan URL, which is useful if the Friendly URL is not working properly. This must be an Anaplan Workspace Administrator.

Friendly URL: The URL created by Anaplan for an SSO server. This URL is required by the client and should be positioned on the client intranet. Clicking this link starts an SP initiated request.

Identity Provider (IdP) initiated SAML Authentication: SAML Authentication starts at the Identity Provider, which is the client. The client sends a SAML Response that contains all necessary authentication information. An IdP initiated SAML Authentication contains only a Response, rather than a Request and a Response.

SAML: Security Assertion Markup Language is an authentication protocol. Anaplan has implemented the standard SAML 2.0 framework. Further information on SAML can be found on Wikipedia wiki/Security_Assertion_Markup_Language.

Server Type: Anaplan can deal with two distinct authentication protocols. The Anaplan SSO and SAML2.0. Choosing the "SAML" server type shows other fields to further define how the client's SAML SSO Server is configured.

Service Provider (SP) initiated SAML Authentication: SAML Authentication starts at the Service Provider, which is Anaplan. This triggers an AuthnRequest to a client. The client replies with a SAML Response. An SP Initiated SAML Authentication encapsulates both a Request and Response.

Single Sign On (SSO) Server: This can be provided by the SAML 2.0 protocol or through a custom built Anaplan SSO.

SSO User: Any client user that clicks on the "Friendly link" to access their models through SSO (SAML).