Set up Anaplan XL Web to use a SAML 2.0-compliant identity provider service to handle user authentication.
Provider setup
You need to create a new application or service provider. Use the details below, where:
Servername = your xlcubedweb server address, for example, http://someserver/xlcubedweb. This needs to match what the users would type into a web browser on the Excel publication screen.
XlCubedurl = servername/webform/auth.aspx, for example, http://someserver/xlcubedweb/webform/auth.aspx.
The table below lists the information you may need to supply:
Field | Value |
Single sign On URL | xlcubedurl |
Recipient URL | xlcubedurl |
Destination URL | xlcubedurl |
SP Entity ID | FluenceXLWeb |
Audience URI | FluenceXLWeb |
Audience Restriction | FluenceXLWeb |
Attributes
The NameID attribute is used as the key under which user-specific information is stored, such as "My Reports", reports, bookmarks, or workbook aspects. Any format should be fine.
These optional attributes can also be included:
Attribute | Description | Example |
DisplayName | The text to display when the user is listed. | Joe Bloggs |
The email address of the user, would be used when emailing alerts, for example. | joe.bloggs@xlcubed.com | |
EffectiveUser | User-id for connections that support this option. See "Datasources" section for more information. | cubeuser |
EffectiveRole | Comma-delimited list of Cube Roles to use for this user. See "Datasources" section for more information. | Accounts, Management |
MemberOf | Comma-delimited list of SIDs or Active Directory group paths the user belongs to. This is used to determine which FluenceXL Roles the user belongs to. | S-1-5-21-1085031214 |
Roles | Comma-delimited list of FluenceXLWeb Roles the user belongs to. This controls which folders and reports they can see and what level of access they have. | Authenticated Users, Upper Management |
SQLContent | Text value that will be passed as a read-only session context to SQL connections. (You can use SELECT SESSION_CONTEXT(N'xlcubed_context'); to retrieve that value). | SQLValue1 |
For providers that don't allow custom attributes, you can use the "AuthEffectiveUserClaim" AppSetting in the web.config to define which attribute to use. For example, to use the Email from a Microsoft Azure setup:
<add key="AuthEffectiveUserClaim" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
Depending on how the Active Directory users are set up, it may be more appropriate to use:
<add key="AuthEffectiveUserClaim" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" />
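To confirm that the identity provider sends what the two tables above ask for, the following added example (not Anaplan's code) inspects a decoded SAML response captured from your own provider. The sample XML, the server URL and the `check_response` name are constructed for illustration, and the script checks configuration values only; it does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XLCUBED_URL = "http://someserver/xlcubedweb/webform/auth.aspx"  # assumed xlcubedurl
ENTITY_ID = "FluenceXLWeb"
LIST_ATTRS = {"EffectiveRole", "MemberOf", "Roles"}  # comma-delimited per the table

# Constructed sample response, unsigned and trimmed to the fields checked here.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="http://someserver/xlcubedweb/webform/auth.aspx">
 <saml:Assertion>
  <saml:Subject><saml:NameID>joe.bloggs</saml:NameID>
   <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="http://someserver/xlcubedweb/webform/auth.aspx"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>FluenceXLWeb</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="Roles"><saml:AttributeValue>Authenticated Users, Upper Management</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="EffectiveUser"><saml:AttributeValue>cubeuser</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, url=XLCUBED_URL, entity_id=ENTITY_ID):
    """Return (problems, attributes) for a decoded SAML response."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != url:
        problems.append("Destination URL does not match xlcubedurl")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != url:
        problems.append("Recipient URL does not match xlcubedurl")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not include " + entity_id)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    attrs = {}
    for attr in root.findall(".//saml:Attribute", NS):
        text = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        name = attr.get("Name")
        attrs[name] = [v.strip() for v in text.split(",")] if name in LIST_ATTRS else text
    return problems, attrs

if __name__ == "__main__":
    print(check_response(SAMPLE))
```

An empty problem list means the Destination, Recipient, Audience and NameID values agree with the provider setup table; the returned attributes show how the comma-delimited values split.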
Mobile access
For access from the Anaplan XL Mobile app, set the repository to Require login and to use the Browser-based login.
Limitations
Offline reports can't be scheduled to update or be refreshed.
Set a schedule
To enable access from the Anaplan XL Scheduler, tick the Enable scheduler access option. This creates a special secret key that allows the Scheduler service to access Anaplan XL Web. Access is limited to the same machine that Anaplan XL Web is running on.
Limitations
You can't use Distribution lists based on Roles because the Scheduler can't get the list of role members from the identity provider.