Merge pull request #227568 from v-hgampala/anaplan

American-Dipper · web-flow · commit ba330c105537 · 2023-02-16T15:45:46.000-08:00
Product Backlog Item 2416538: SaaS App Tutorial: Anaplan Update
diff --git a/articles/active-directory/saas-apps/anaplan-tutorial.md b/articles/active-directory/saas-apps/anaplan-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/21/2022
+ms.date: 02/16/2023
 ms.author: jeedes
 ---
 # Tutorial: Azure AD SSO integration with Anaplan
@@ -65,28 +65,70 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. In the Azure portal, on the **Anaplan** application integration page, find the **Manage** section and select **single sign-on**.
 1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click the copy icon to copy the **App Federation Metadata URL** and save this to use in the Anaplan SSO configuration.
+
+    ![The Certificate download link.](common/copy-metadataurl.png)
+
+## Configure Anaplan SSO
+
+1. Log in to Anaplan website as an administrator.
+
+1. In the Administration page, navigate to **Security > Single Sign-On**.
+
+1. Click **New**.
+
+1. Perform the following steps in the **Metadata** tab:
+
+    ![Screenshot for the security page.](./media/anaplan-tutorial/security.png)
+
+    a. Enter a **Connection Name**, should match the name of your connection in the identity provider interface.
+
+    b. Select **Load from XML file** and paste the App Federation Metadata URL you copied from Azure portal into the **Metadata URL** textbox.
+
+    c. Click **Save** to create the connection.
+    
+    d. Enable the connection by setting the **Enabled** toggle.
+
+1. From the **Config** tab, copy the following values to save them back to the Azure portal:
+
+    a. **Service Provider URL**.
+    b. **Assertion Consumer Service URL**.
+    c. **Entity ID**.
+    
+### Complete the Azure AD SSO Configuration
+
 1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
-   ![Edit Basic SAML Configuration](common/edit-urls.png)
+   ![Edit Basic SAML Configuration.](common/edit-urls.png)
 
-4. On the **Basic SAML Configuration** section, perform the following steps:
+1. On the **Basic SAML Configuration** section, perform the following steps:
 
-    a. In the **Sign on URL** text box, type a URL using the following pattern:
-    `https://sdp.anaplan.com/frontdoor/saml/<tenant name>`
+    a. In the **Identifier (Entity ID)** text box, paste the Entity ID that you copied from above, in the format:
+    `https://sdp.anaplan.com/<optional extension>`
 
-    b. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
-    `https://<subdomain>.anaplan.com`
+    b. In the **Sign on URL** text box, paste the Service Provider URL that you copied from above, in the format:
+    `https://us1a.app.anaplan.com/samlsp/<connection name>`
+    
+    c. In the **Reply URL (Assertion Consumer Service URL)** text box, paste the Assertion Consumer Service URL that you copied from above, in the format:
+    `https://us1a.app.anaplan.com/samlsp/login/callback?connection=<connection name>`
 
-    > [!NOTE]
-    > These values are not real. Update these values with the actual Sign on URL and Identifier. Contact [Anaplan Client support team](mailto:support@anaplan.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+### Complete the Anaplan SSO Configuration
+
+1. Perform the following steps in the **Advanced** tab:
+
+    ![Screenshot for the Advanced page.](./media/anaplan-tutorial/advanced.png)
+
+    a. Select **Name ID Format** as Email Address from the dropdown and keep the remaining values as default.
 
-5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** from the given options as per your requirement and save it on your computer.
+    b. Click **Save**.
 
-    ![The Certificate download link](common/metadataxml.png)
+1. In the **Workspaces** tab, specify the workspaces that will use the identity provider from the dropdown and Click **Save**. 
 
-6. On the **Set up Anaplan** section, copy the appropriate URL(s) as per your requirement.
+    ![Screenshot for the Workspaces page.](./media/anaplan-tutorial/workspaces.png)
 
-    ![Copy configuration URLs](common/copy-configuration-urls.png)
+    > [!NOTE]
+    > Workspace connections are unique. If you have another connection already configured with a workspace, you cannot associate that workspace with a new connection.
+To access the original connection and update it, remove the workspace from the connection and then reassociate it with the new connection.
 
 ### Create an Azure AD test user 
 
@@ -112,49 +154,9 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
 1. In the **Add Assignment** dialog, click the **Assign** button.
 
-## Configure Anaplan SSO
-
-1. Login to Anaplan website as an administrator.
-
-1. In Administration page, navigate to **Security > Single Sign-On**.
-
-1. Click **New**.
-
-1. Perform the following steps in the **Metadata** tab:
-
-    ![Screenshot for the security page](./media/anaplan-tutorial/security.png)
-
-    a. Enter a **Connection Name**, should match the name of your connection in the identity provider interface.
-
-    b. Select **Load from XML file** and enter the URL of the metadata XML file with your configuration information in the **Metadata URL** textbox.
-
-    C. Enabled the **Signed** toggle.
-
-    d. Click **Save** to create the connection.
-
-1. When you upload a **metadata XML** file in the **Metadata** tab, the values in **Config** tab pre-populate with the information from that upload. You can skip this tab in your connection setup and click **Save**.
-
-    ![Screenshot for the configuration page](./media/anaplan-tutorial/configuration.png)
-
-1. Perform the following steps in the **Advanced** tab:
-
-    ![Screenshot for the Advanced page](./media/anaplan-tutorial/advanced.png)
-
-    a. Select **Name ID Format** as Email Address from the dropdown and keep the remaining values as default.
-
-    b. Click **Save**.
-
-1. In the **Workspaces** tab, specify the workspaces that will use the identity provider from the dropdown and Click **Save**. 
-
-    ![Screenshot for the Workspaces page](./media/anaplan-tutorial/Workspaces.png)
-
-    > [!NOTE]
-    > Workspace connections are unique. If you have another connection already configured with a workspace, you cannot associate that workspace with a new connection.
-To access the original connection and update it, remove the workspace from the connection and then reassociate it with the new connection.
-
 ### Create Anaplan test user
 
-In this section, you create a user called Britta Simon in Anaplan. Work with [Anaplan support team](mailto:support@anaplan.com) to add the users in the Anaplan platform. Users must be created and activated before you use single sign-on.
+In this section, you create a user called Britta Simon in Anaplan. Work with [Anaplan support team](mailto:support@anaplan.com) to add the users in the Anaplan platform. Users must be created and activated before you use single sign-on.
 
 ## Test SSO
 
@@ -168,4 +170,4 @@ In this section, you test your Azure AD single sign-on configuration with follow
 
 ## Next steps
 
-Once you configure Anaplan you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
+Once you configure Anaplan you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
