CA authentication
CA authentication enables you to use certificates from an external public CA with Anaplan APIs and Anaplan Connect. Your users must submit certificates with a valid, recognized external public CA as the root certificate. As the tenant administrator, you can register and manage these certificates in Anaplan.
Why use CA certificates?
CA authentication offers a certificate hierarchy known as the chain of trust. This enables you to verify the validity of a certificate issuer. It also aligns with industry standards and provides a higher level of security for Anaplan customers.
Using CA certificates enables:
- Anaplan customers who use data integrations to authenticate API sessions.
- API users to use CA certificates instead of a user name and password.
Additionally, Anaplan customers who use data integrations enabled for Single Sign-On (SSO) can:
- Submit a CA certificate to authenticate API sessions and receive a JSON Web Token (JWT).
- Use a CA even if its password has expired.
If your certificate expires, you must obtain a new one for successful CA authentication.
Customer responsibilities
If you use CA authentication, you assume responsibility for your users' certificates. You must:
- Procure certificates from either a:
  - Supported CA
  - Intermediary whose chain ends in a supported Public Root CA by submitting a Certificate Signing Request (CSR).
- Keep private keys safe. Stolen keys mean that users can be impersonated.
With CA authentication, tenant administrators can use the Anaplan Administration console to:
- Register your users' certificates with Anaplan.
- Manage your users' certificates and renew them when they expire.
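A check an administrator could run on a certificate and its private key before registering or renewing it, as an added example that is not Anaplan's own tooling: it flags imminent expiry, a key that does not belong to the certificate, and a key file readable by other accounts. The names `check_cert`, `make_sample` and `WARN_DAYS`, the 30-day window, and the self-signed sample pair are assumptions constructed for the demo; a self-signed certificate would not meet the public CA requirement described above.

```shell
#!/bin/sh
# Pre-registration checks for a client certificate and its private key.
# Assumed names (not from the Anaplan docs): check_cert, make_sample, WARN_DAYS.

WARN_DAYS=${WARN_DAYS:-30}   # assumed renewal window, in days

# check_cert CERT KEY -> prints one line per finding, returns the number of findings
check_cert() {
    cert=$1 key=$2 findings=0
    # 1. Expiry: -checkend exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((WARN_DAYS * 86400)) >/dev/null; then
        echo "EXPIRING: $cert expires within $WARN_DAYS days"
        findings=$((findings + 1))
    fi
    # 2. Key match: the cert's public key must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $key is not the private key for $cert"
        findings=$((findings + 1))
    fi
    # 3. Key exposure: all group/other permission bits must be clear.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "EXPOSED: $key is accessible to group or other users"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# make_sample DIR DAYS -> constructed self-signed pair, only to exercise the checks
make_sample() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
          -subj "/CN=constructed-example" \
          -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null )
}

# Demo on constructed input: a 10-day cert trips the 30-day expiry warning.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" 10
check_cert "$demo_dir/cert.pem" "$demo_dir/key.pem" || echo "findings: $?"
rm -rf "$demo_dir"
```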