Once you save your single sign-on (SSO) connection, Anaplan generates information for you to share with your identity provider (IdP) as part of the configuration process.
Anaplan information includes:
- A URL to a metadata file for the Anaplan service provider information.
- An Anaplan X.509 certificate for you to share with your IdP.
- A service provider sign-out URL.
- An Assertion Consumer Service (ACS) URL.
Anaplan requires that your identity provider:
- Sign all SAML responses.
- Support urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress as the NameIDFormat.
Note: If you want to enable response encryption, you can use the same certificate that you use for signed requests.
To access your details:
- In Administration, navigate to Security > Single Sign-On.
- Select your IdP connection.
Your service provider information can be found in either the Metadata tab or Config tab.
| Service provider information | Location | Description |
| Anaplan X.509 Certificate | Metadata | If your IdP validates the certificate used for the connection, download this certificate and provide it to your identity provider. |
| Assertion Consumer Service URL | Config | Also known as a Destination or Recipient URL. If you need to provide this URL manually to your IdP, use this value. |
| SP Metadata XML URL | Metadata | Provides most of the details of your single sign-on configuration in Anaplan. Use this URL to import this information into your IdP through their interface. |
| SP Sign-out URL | Metadata | If you need to manually provide a sign-out URL to your IdP, use this value. |
