Register and maintain your Certificate Authority (CA) certificates as part of your CA authentication.
CA authentication
CA authentication enables you to use certificates from an external public CA with Anaplan APIs and Anaplan Connect. Your users must submit certificates with a valid, recognized external public CA as the root certificate. As the tenant administrator, you can register and manage these certificates in Anaplan.
Why use CA certificates?
CA authentication offers a certificate hierarchy known as the chain of trust. This enables you to verify the validity of a certificate issuer. It also aligns with industry standards and provides a higher level of security for Anaplan customers.
If you use CA certificates, this enables:
- Anaplan customers who use data integrations to authenticate API sessions.
- API users to use CA certificates instead of a user name and password.
Additionally, Anaplan customers who use data integrations enabled for Single Sign-On (SSO) can:
- Submit a CA certificate to authenticate API sessions and receive a Java Web Token (JWT).
- Use a CA even if its password has expired.
If your certificate expires, you must obtain a new one for successful CA authentication.
Customer responsibilities
If you use CA authentication, you assume responsibility for your users' certificates. You must:
- Procure certificates from either a:
- Supported CA
- Intermediary whose chain ends in a supported Public Root CA by submitting a Certificate Signing Request (CSR).
- Keep private keys safe. Stolen keys mean that users can be impersonated.
With CA authentication, tenant administrators can use the Anaplan Administration console to:
- Register your users' certificates with Anaplan.
- Manage your users' certificates and renew them when they expire.