Assign Exception Users

When a workspace is assigned to SSO, all users are designated as SSO users by default. Once SSO is set up, exception users can log in using SSO or using the standard login mechanism at the Anaplan URL: https://sdp.anaplan.com/frontdoor/login.

Note: Your organization should only use Exception Users for:
  • users who run v2 and v1.3 APIs and authenticate using basic authentication
  • support situations
Therefore, it is a best practice to keep the number of exception users to a minimum or use Certificate Authority authentication.

To assign a user as an Exception User, clear the Single Sign-on checkbox for that user in the Users tab within Settings.

Warning: Once SSO is set up, users can only access Anaplan using SSO unless they are an Exception User. We therefore recommend that your organization assigns at least one exception user.
Your business must schedule an appropriate time to enforce SSO. It is essential that your organization educates end-users on accessing the Friendly URL. Note that the Friendly URL format has specific configuration requirements.

Enforce SSO Authentication

By default, all users are assigned as SSO users. To enforce SAML SSO authentication for an Exception User so that they can no longer use the standard login mechanism at the Anaplan URL:

  1. Click Settings > Users
  2. Select the Single Sign-on checkbox of the Exception User for which you want to enforce SSO.
  3. If you have more than one workspace, repeat this step for each workspace.
Note: This associates SSO with a model to which the user has access in the workspace. Once SSO is enforced for a user, they cannot log in with their user name and password at the Anaplan URL.
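
The following audit is an added example, not Anaplan code. It checks a per-workspace user list against the guidance above: exception users only for basic-authentication API use or support, at least one exception user, and the enforcement step repeated in every workspace. The CSV columns (`workspace`, `email`, `sso_enabled`, `reason`), the reason labels and the `max_exceptions` threshold are assumptions made for this example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names are assumptions for this
# example, not Anaplan's export format.
SAMPLE_EXPORT = """\
workspace,email,sso_enabled,reason
Finance,alice@example.com,true,
Sales,alice@example.com,true,
Finance,svc-api@example.com,false,api-basic-auth
Finance,bob@example.com,false,
Sales,bob@example.com,true,
Finance,admin@example.com,false,support
Sales,admin@example.com,false,support
"""

# Hypothetical labels for the two uses the note above allows.
ALLOWED_REASONS = {"api-basic-auth", "support"}

def audit_exception_users(csv_text, max_exceptions=2):
    """Return sorted findings for a per-workspace user export."""
    sso_on = defaultdict(set)    # email -> workspaces with the checkbox selected
    sso_off = defaultdict(set)   # email -> workspaces with the checkbox cleared
    reasons = defaultdict(set)   # email -> recorded justifications
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["email"].strip().lower()
        if row["sso_enabled"].strip().lower() == "true":
            sso_on[email].add(row["workspace"].strip())
        else:
            sso_off[email].add(row["workspace"].strip())
            reasons[email].add(row["reason"].strip().lower())

    findings = []
    for email, workspaces in sso_off.items():
        if not reasons[email] <= ALLOWED_REASONS:
            findings.append(f"{email}: exception user without an allowed reason")
        if sso_on[email]:  # enforcement step not repeated for every workspace
            findings.append(
                f"{email}: SSO selected in {sorted(sso_on[email])} but cleared in "
                f"{sorted(workspaces)}; enforcement not repeated for every workspace")
    if not sso_off:
        findings.append("no exception user: no standard-login fallback if SSO fails")
    elif len(sso_off) > max_exceptions:
        findings.append(f"{len(sso_off)} exception users exceeds limit of {max_exceptions}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_exception_users(SAMPLE_EXPORT)))
```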