1. Administration and security
  2. Security
  3. Single Sign-on (SSO)
  4. Glossary of Key Terms: SSO

AuthnRequest: The outbound request from Anaplan to client.

AuthnResponse: The inbound request from client to Anaplan.

Exception User: A user that still able use the standard login mechanism at the Anaplan URL, which is useful if the Friendly URL is not working properly. This must be an Anaplan Workspace Administrator.

Friendly URL: The URL created by Anaplan for an SSO server. This URL is required by the client and should be positioned on the client intranet. Click this link to start an SP initiated request. Note that the Friendly URL format has specific configuration requirements

Identity Provider (IdP): An entity that generates an authentication assertion as proof that a user has been authenticated.

Identity Provider (IdP) initiated SAML Authentication: SAML Authentication starts at the Identity Provider, which is the client. The client sends a SAML Response that contains all necessary authentication information. An IdP initiated SAML Authentication contains only a Response, rather than a Request and a Response.

Relying Party: A term for the Service Provider as an entity trusting the Identity Provider to authenticate users.

SAML: Security Assertion Markup Language is an authentication protocol. Anaplan has implemented the standard SAML 2.0 framework. Further information on SAML can be found on Wikipedia http://en.wikipedia.org/ wiki/Security_Assertion_Markup_Language.

Server Type: Anaplan can deal with two distinct authentication protocols. The Anaplan SSO and SAML2.0. Choosing the "SAML" server type shows other fields to further define how the client's SAML SSO Server is configured.

Service Provider (SP): An entity providing a service (Anaplan is a Service Provider). To provide the service, the SP must receive authentication and authorization from the IdP.

Service Provider (SP) initiated SAML Authentication: SAML Authentication starts at the Service Provider, which is Anaplan. This triggers an AuthnRequest to a client. The client replies with a SAML Response. An SP Initiated SAML Authentication encapsulates both a Request and Response.

Single Sign On (SSO) Server: This can be provided by the SAML 2.0 protocol or through a custom built Anaplan SSO.

SSO User: Any client user that clicks on the "Friendly link" to access their models through SSO (SAML).