Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

On this Page

Table of Contents
maxLevel2
excludeOlder Versions|Additional Resources|Related Links|Related Information

Overview

This account is used by Snaps in the Anaplan Snap Pack.

Note

Anaplan CA Certificates Migration

Anaplan is extending the deadline to migrate to Certificate Authority (CA) certificates to February 26, 2020 when Anaplan will update their production certificate. This will replace validation for Anaplan certificates, wherein existing Anaplan certificates will cease to work once this certificate is issued. This new certificate is to be used for existing clients on the legacy certificate authentication. This certificate will NOT work on clients using the CA certificates. Anaplan recommends that customers update their integration clients to a version that supports Certificate Authentication 2.0 that uses a CA certificate.

What are we doing?

We have upgraded our Anaplan Snap Pack to v2.0 APIs as of SanpLogic Release 4.15 (November, 2018). The upgraded Anaplan Snap Pack only supports v2.0 APIs with basic and certificate authority authentication, and does NOT support the Anaplan-generated certificate option. 

In basic authentication, the username and password is sent to the Anaplan Server, over SSL. Certificate authority authentication requires a certificate and a private key to verify the user to the Anaplan Server. To support this, Certificate file and Certificate der properties are replaced with External certificate file, External certificate contents, and External private key properties that require a CA-supplied certificate to authenticate. The Anaplan certificate is stored locally and on the Anaplan server. The private key is never sent to the Anaplan server and is used to generate a one-time passcode (nonce) that is sent along with the certificate. The public key portion of the certificate is used to verify the contents of the nonce and validate the user.

We recommend you to plan ahead and either switch to basic authentication or have the certificate authority authentication ready by February 26, 2020. Contact support@snaplogic.com if you face any issues while migrating to basic or CA authentication.

How can you migrate to CA-signed certificates?

Prerequisites

Purchase and implement a certificate chain that meets the following requirements:

  • Starts from your user certificate to the root CA and ends at a supported Public Root CA.
  • Conforms to the X-509 public-key certificates.
  • Is generated using the RSA-2048–or stronger–algorithm.
  • Contains your email address in either of the following fields:
    • The X509v3 Subject Alternative Name field (preferred).
    • The EMAILADDRESS field in the Subject.
      Set the email address using the EMAILADDRESS attribute and not the CommonName attribute.

  • Contains a X509v3 Key Usage Digital Signature bit.
    Anaplan ignores all other bits.

  • Provides a way to confirm revocation using the Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP).

Uploading the certificate

  1. Login to Anaplan Front Door with your credentials.

  2. Click  and select Administration.


  3. In the Administration menu, click Security > Certificates > Add Certificates.

    The Add Certificate dialog box appears.

  4. Browse and select your certificate files and click Import Certificates to upload them to the Anaplan server.

    You can now see the newly added certificate in the Certificates list.

Action required by you

Depending on the authentication method you use, perform the steps mentioned in the following table.

Authentication methodAction required with the updated Anaplan Snap Pack
Basic username and passwordNo action required.
CA certificateUpdate the Anaplan Account settings and enter relevant information in External certificate file, External certificate contents, and External private key properties. See Creating an Account, below, for more details.
Self-signed Anaplan CertificateOnce you upgrade your Snaplex instances to 4.20, you must roll back to the previous version of the Anaplan Snap Pack. Click here for instructions on roll back.
Anaplan certificate expires on February 26, 2020. You must download the new certificate and update the Anaplan Snap account with the new certificate. Click here for instructions to download the new Anaplan certificate.



Creating an Account

You can create an account from Designer or Manager. In Designer, when working on pipelines, every Snap that needs an account prompts you to create a new account or use an existing account. The accounts can be created in or used from:

  • Your private project folder: This folder contains the pipelines that will use the account.
  • Your Project Space’s shared folder: This folder is accessible to all the users that belong to the Project Space.
  • The global shared folder: This folder is accessible to all the users within an organization in the SnapLogic instance.

Account Configuration

In Manager, you can navigate to the required folder and create an account in it (see Accounts). To create an Anaplan account: 

  1. Click Create, then select Anaplan > Anaplan Account.
  2. Enter an account label.
  3. For basic authentication, enter the UsernamePassword, and Anaplan hostname
  4. (Optional) Supply additional information on this account in the Notes field of the Info tab.
  5. Click Apply


Anaplan Account

Label

Required. User provided label for the account instance.

Username


Required. The name for this account. This property is mandatory for basic authentication.

Default value: None

Password


Required. The password for the account. This property is mandatory for basic authentication.

Default value: None

Anaplan hostname


Required. The hostname for Anaplan REST API service.

Example: https://api.anaplan.com

Default valuehttps://api.anaplan.com

External certificate file

Link of the certificate file that you have uploaded.

You can use a certificate file instead of a username/password to simplify login. Click  to select the file and upload it into SnapLogic. Specifying External certificate contents is more secure than specifying the External certificate file because the certificate content is encrypted; whereas an uploaded certificate file is not encrypted.

Default value: None

External certificate contents

Specifies the contents of your certificate file. 

The certificate typically has the following format:

Code Block
-----BEGIN CERTIFICATE-----
<certificatecontent_string>
-----END CERTIFICATE-----

Specifying External certificate contents is more secure than specifying the External certificate file because the certificate content is encrypted; whereas an uploaded certificate file is not encrypted.

Default value: None

External private key

Specifies the plain-text version of your private key.

Note

If you have an encrypted private key, you must decrypt it using OpenSSL and the passphrase that was used for encryption. Perform the following steps in a terminal window to get the plain-text version of your private key:

  1. openssl rsa -in [file1.key] -out [file2.key]

    Info

    [file1.key] and [file2.key] are key files. [file1.key] contains the private key in binary format, and [file2.key] contains the plain-text output version that begins with -----BEGIN RSA PRIVATE KEY----- and ends with -----END RSA PRIVATE KEY-----.


  2. Enter the passphrase.   
  3. Copy the contents of [file2.key] and paste it in the External private key field.

Default value: None

Account Encryption

Standard Encryption

If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.

Enhanced Encryption

If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per each account.

Account:

  • HighPassword
  • Medium + HighUsername, password
  • Low + Medium + HighUsername, password



Troubleshooting

If a validation error occurs after you enter the certificate and private key in Accounts, verify the following:

  • Check the certificate format. It must be in plain text and start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.
  • Check the private key format. It must be in plain text and start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.

Excerpt Include
Anaplan Snap Pack
Anaplan Snap Pack
nopaneltrue