If you have access to Certificates in Anaplan, you can register and maintain certificates as part of Certificate Authority (CA) authentication.
Certificate Authority (CA) Authentication
Certificate Authority (CA) authentication lets you use certificates from an external public certificate authority with Anaplan APIs and Anaplan Connect. To use CA authentication with Anaplan APIs and Anaplan Connect, your users must submit certificates with a valid, recognized external public CA as the root certificate. As the Tenant Administrator, you can register and manage these certificates in Anaplan.
Why use CA Certificates?
CA authentication offers a certificate hierarchy known as the "chain of trust" that enables you to verify the validity of a certificate issuer. This aligns with industry standards and provides a higher level of security for Anaplan customers.
Using CA certificates:
- Anaplan customers who use data integrations can authenticate API sessions.
- Anaplan customers who use data integrations enabled for Single Sign-On (SSO) can:
- Submit a CA certificate to authenticate API sessions and receive a Java Web Token (JWT)
- Use the CA even if passwords have expired
- API users can use CA certificates instead of entering a username and password
Customer Responsibilities
If your organization uses CA Authentication, your organization assumes responsibility for your users' certificates. You must:
- Procure certificates from:
- a supported CA, or
- an intermediary whose chain ends in a supported Public Root CA by submitting a Certificate Signing Request (CSR)
- Keep private keys safe - stolen keys mean that users can be impersonated.
With CA authentication, Tenant Administrators can further use the Anaplan Administration console to:
- Register your users' certificates with Anaplan.
- Manage your users' certificates and renew them when they expire.