Single Sign-On

Set up Single Sign-On

Easily set up and configure Plannuh's single sign-on integration

Introduction 

Many organizations use Single Sign-On (SSO) as a mechanism to centralize management of authorization and to simplify life for their employees by reducing the need for managing multiple sets of login credentials. 

Plannuh provides an integration option for customers to leverage the Identity Provider used for their SAML-compliant SSO solution to authenticate users who access Plannuh’s SaaS platform to prove and improve the business value of their marketing. 

Integration Process 

There are four steps for integrating your SSO with Plannuh (the assumption here is that you have the role of Plannuh Admin for your account): 

1. Talk to your Plannuh Customer Success Manager 
2. Plannuh provides configuration settings to your IT team 
3. Your IT team provides you with your company’s SSO configuration file
4. You upload the SSO configuration file into Plannuh 

At that point your users will be able to authenticate with Plannuh using your company’s SSO!

Step 1 - Talk to your Plannuh Customer Success Manager 

The first step is to inform your Plannuh Customer Success Manager (CSM) that you’d like to enable SSO. They will confirm the custom Plannuh subdomain that you would like to use. Typically customers will use the same domain as used for their corporate website. So if your company website is www.mycorpxyz.com, then your users would access Plannuh from mycorpxyz.plannuh.com (if you are using our US-based hosting site) or mycorpxyz.eu.plannuh.com (if you are using our EU-based hosting site). Your CSM will then enable SSO for your Plannuh account. 

Step 2 - Plannuh provides configuration settings for your IT team 

Plannuh will then provide the specific settings that your IT team will need to update so that your SSO knows how to communicate with Plannuh. This includes a few key pieces of information:

1. The details about identifying that the request is coming from Plannuh, so that your SSO knows that Plannuh is allowed to ask whether users are authenticated. 

• For ADFS this will involve adding to Relying Party Trusts an entry for Plannuh and specifying the “Relying party identifier”. 
• For Google this means adding a custom SAML app and specifying an “Entity ID”.
• For Okta this means setting “Audience URI (SP Entity ID)”. 

2. The URL endpoint that your SSO will send the result of authentication. 

• For ADFS this is called “Trusted URL”. 
• For Google this is called “ACS (Assertion Consumer Service) URL”. 
• For Okta this is called “Single sign on URL”. 

3. . Details about how to map information from the SSO response about the specified user -

• Email Address
• Given name (first name)
• Surname (last name)

For Okta, you may also want to configure the SSO bookmark. If you follow the steps in this link, in step #7 set the url to your custom domain (like http://mycorpxyz.plannuh.com or http://mycorpxyz.eu.plannuh.com). 

Step 3 - Your IT provides you with your company’s SSO configuration file

Your IT team then provides you with your company’s SAML v2.0 metadata XML file. This defines the metadata about your SSO that Plannuh will need to connect. 

Step 4 - You upload the SSO configuration file into Plannuh

Now you log into Plannuh (assuming that you are the account owner), go to the admin menu, and select Integrations > SSO Settings: 

Then browse to the location of the SAML v2.0 XML configuration file that your IT team provided you, and click OK: 

At the bottom of that dialog box you’ll see the URL that you and your team will be able to use to leverage SSO authentication. If you go to that location and are already logged in, then you’ll be redirected to Plannuh immediately. If not, then you’ll be prompted for your corporate user ID and password as per your corporate policy. 

Please note that this SSO integration only manages authentication. You will still need to give individuals specific permissions, such as read-only access to a specific budget and segments, via the Plannuh My Team page, using the same email address that is associated with their SSO account. If someone tries to access Plannuh using SSO without permissions defined (this match is based on their email address), then they will be directed to speak to their Plannuh administrator. We recommend setting up permissions before having people log in to Plannuh. 

Here is a view of permissions from the Plannuh My Team page: