Self Service SAML uses metadata to populate the details of your service provider information in the identity provider connection.

The metadata consists of information such as: 

  • The sign-in and sign-out URLs. 
  • The X.509 certificate you have registered with Anaplan.
  • Whether your connection is a signed connection.

You can load your metadata from an XML file, or manually configure the metadata in your connection.

Note: Some identity providers do not support signed requests. If you create a connection with a provider that does not support signed requests, your connection is treated as unsigned.

Figure: The Metadata tab in the Single Sign-On feature. The connector is named HumanResources. The Load from XML file option is selected, with a URL set to the appropriate identity provider XML file.

  1. In the Metadata tab, specify a Connection Name that:
    • Matches the name of your connection in the identity provider interface.
    • Is no more than 128 characters. 
    • Includes only alphanumeric characters and hyphens.
    • Starts with an alphanumeric character.
    • Contains no spaces.
    • Is unique.
  2. Either:
    1. Load metadata from an XML file:
      1. Select Load from XML file.
      2. Enter the URL of the metadata XML file with your configuration information.
    2. Manually configure your metadata:

Note: Manual configuration of your connection metadata requires familiarity with SAML protocols.

      1. Specify the Sign-in URL.
        This informs Anaplan where to direct requests to the IdP to confirm the user’s identity.
        If you use Self Service SAML for the Excel or PowerPoint Add-ins, append ?svcId=auth to the end of the Sign-in URL.
      2. Optionally specify the Sign-out URL.
        This logs users out of both your IdP and Anaplan at the same time. If you don't specify a sign-out URL, then when users log out of Anaplan, their Anaplan session ends but they are still logged in to your IdP.
      3. Specify the X509 Certificate URL with the certificate to use for your public key. 
      4. Select the Signed toggle to indicate whether the connection is a digitally signed connection that uses an X.509 certificate. This is enabled by default.
  3. Select Save to create the connection.

Once you save the connection, the Administration Console creates the service provider information you use to provide your details to your IdP.
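
An added example, not Anaplan's code: a pre-flight check in Python that applies the Connection Name rules from step 1 and reads the sign-in URL, sign-out URL, signing certificate and signed-request flag from a standard SAML 2.0 IdP metadata file before you point Load from XML file at it. Assumptions: the function names and the sample metadata with its placeholder certificate are constructed; treating `WantAuthnRequestsSigned` as the Signed toggle and flagging non-HTTPS URLs are this example's choices, not documented Anaplan behavior.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Step 1 naming rules: alphanumerics and hyphens, alphanumeric first, max 128 characters.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,127}")

# Constructed sample metadata; the certificate value is a placeholder, not a real certificate.
SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      Q09OU1RS VUNURUQ=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Location="http://idp.example.com/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:SingleSignOnService Location="https://idp.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def valid_connection_name(name):
    return NAME_RE.fullmatch(name) is not None

def _is_https(url):  # https-only is this example's policy (an assumption)
    return bool(url) and urlparse(url).scheme == "https"

def summarize_idp_metadata(xml_bytes):
    """Return (fields for the Metadata tab, problems to fix before loading)."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("SAML metadata must not carry DTD or entity declarations")
    idp = ET.fromstring(xml_bytes).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element found")
    def location(tag):
        el = idp.find(f"md:{tag}", NS)
        return el.get("Location") if el is not None else None
    certs = ["".join((c.text or "").split())
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"  # no "use" covers signing too
             for c in kd.findall(".//ds:X509Certificate", NS)]
    info = {"sign_in_url": location("SingleSignOnService"),
            "sign_out_url": location("SingleLogoutService"),
            "certificates": certs,
            "signed": idp.get("WantAuthnRequestsSigned") in ("true", "1")}  # assumed toggle mapping
    checks = [(not _is_https(info["sign_in_url"]), "sign-in URL missing or not https"),
              (bool(info["sign_out_url"]) and not _is_https(info["sign_out_url"]), "sign-out URL not https"),
              (not certs, "no signing certificate")]
    return info, [msg for failed, msg in checks if failed]
```

The name check covers only the format rules; uniqueness and the match with the connection name in your identity provider interface still have to be confirmed by hand.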