For increased security, Anaplan follows strict timeout and logout policies. The logout and timeout behaviors are designed to enforce that policy and require that users reauthenticate with their identity providers.
Logout
When you log out of Anaplan, your browser is redirected to a predefined URL for that tenant. Your Anaplan administrator might have established a specific SAML logout URL. If not, a static page appears. You can contact your Anaplan administrator to determine the friendly URL that allows you to log back into Anaplan.
Users of multiple tenants
Every Anaplan user is associated with a default tenant, which can only be associated with a single SAML logout URL. Generally, the default tenant is the organization that employs the Anaplan user.
However, in some cases, the Anaplan user is acting as a consultant.
Let's say the consultant's name is Aadya Srivastava, and they consult for CompanyA and CompanyB. The best practice is for the consultant to obtain a separate set of user credentials, unique to each company. For example, Aadya.Shrivastava.Consultant@CompanyA.com and Aadya.Shrivastava.Consultant@CompanyB.com. These credentials are for either for SSO authentication, or for a standard login.
When Aadya Shrivastava uses their CompanyA credentials, the logout behavior is from CompanyA. The same is true for the CompanyB example.
Note that if you are an SSO user, and you have logged out of your SSO system, this does not automatically log you out of Anaplan.
Timeout
For security reasons, Anaplan's idle timeout is set at 35 minutes. Users must log in again at the Anaplan login page. If your organization uses an Identity Provider (IdP):
- When it times out, you're prompted to authenticate at the IdP’s URL for your organization.
- If your browser is redirected to a static page, contact your administrator to determine the friendly URL to log into Anaplan.