Search

Administration: Security - Certificates

If you have access to Certificates in Anaplan, you can register and maintain certificates as part of Certificate Authority (CA) authentication.

Certificate Authority (CA) Authentication

Certificate Authority (CA) authentication lets you use certificates from an external public certificate authority with Anaplan APIs and Anaplan Connect. To use CA authentication with Anaplan APIs and Anaplan Connect, your users must submit certificates with a valid, recognized external public CA as the root certificate. As the Tenant Administrator, you can register and manage these certificates in Anaplan.

Why use CA Certificates?

CA authentication offers a certificate hierarchy known as the "chain of trust" that enables you to verify the validity of a certificate issuer. This aligns with industry standards and provides a higher level of security for Anaplan customers.

You can still use certificates signed by Anaplan with Anaplan APIs and Anaplan Connect. CA authentication provides an alternate method conforming more with industry standards.

Using CA certificates:

  • Integration users can authenticate API sessions.
  • Integration users enabled for Single Sign-On (SSO) can:
    • Submit a CA certificate to authenticate API sessions and receive a Java Web Token (JWT)
    • Use the CA even if passwords have expired
  • API users can use CA certificates instead of entering a username and password
Authentication automatically fails when you submit an expired certificate.

Customer Responsibilities

If your organization uses CA Authentication, your organization assumes responsibility for your users' certificates. You must:

With CA authentication, Tenant Administrators can further use the Anaplan Administration app to: