Contents x
    Single Sign On
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Single Sign On

    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Planful SAML Integration

    Planful, acting as a Service Provider (SP), provides integration with Identity Providers (IdP), otherwise referred to as SAML Providers, to allow Identity Provider initiated Single Sign On across your numerous end-user applications. It is not Planful intention to provide a software solution but to integrate with existing Identity Providers to leverage their solutions for delivering SSO. The information contained within this document will provide you with an introduction to how Planful integrates with Identity Providers, information that is required from IdPs to integrate, and information that Planful will expect for proper authentication and authorization.

    Note:
    Contact Planful Support to configure Planful's Single Sign-On Integration with your Identity Provider.

    Planful Integration Overview

    Planful leverages a DLL and several XML files to define the IdPs, their connection information, and the “circle of trust”. The circle of trust is a list of identifiers of the various systems that are part of the SAML SSO process. The additional configuration files define the IdPs, their attributes, and how they will communicate with Planful. Planful will expect, at the very least, an e-mail address (for login to our application), a Company ID (i.e. Planful customer), and an IdP Entity ID (i.e. IdP qualifier) for determining the correct IdP when evaluating a user. We support Identity Provider initiated authentication only at this point (no Service Provider authentication supported).

    Identity Provider Configuration Items

    The information that is required from the IdP is for configuration of our native DLL, which is constructed from an open source SSO solution and related configuration files. The following information is required for proper setup:

    • IdP Entity ID (also called Issuer ID) – this is the identification of the Identity Provider, such as Okta, for example – fed.monsanto.planful.saml2 or a generic code which defines the IdP (i.e. WFWE78909D034SDF).

    • IdP URL – for example – https://ssoportal.monsanto.com/IdPServlet?idp_id=fed.monstanto.planful.saml2

    • IdP Digital Certificate – also known as the IdP’s public key. This key is used to sign all assertions sent to Planful and will automatically handle validating the assertion (i.e. request for login) against the key.

    Planful Configuration Items

    The following items are items which most Identity Providers will require from their Service Providers. These items will be provided by Planful to ensure proper IdP configuration.

    • Service Provider ID – this is the identification of Planful as a Service Provider. For example – fed.identropy.planful.saml2

    • Service Provider URL – this is URL for which the IdP will send the assertion to Planful where we will read the request. For example – https://epm.planful.com/validatesso.aspx

    Planful Sign on Information

    The following items are expected to be passed to Planful to securely authenticate and authorize a user within Planful. This information is needed to identify a user and determine the Entity ID passed along.

    • User ID – e-mail address for end user – for example – bsmith@monsanto.com

    • IdP Entity ID – see above for description

    Was this article helpful?
    What's Next

      Planful. 150 Spear Street, Suite 1850, San Francisco, CA 94105

    • Copyright © 2024 Planful. All Rights Reserved.

    Terms of Use - Privacy Policy