Planhat supports SSO via the SAML 2.0 standard, the standard used by most leading SSO applications including ADFS, Azure AD and OKTA.

How to Access Single Sign-On

In the bottom left hand corner of the Planhat application click on your avatar, from the menu that will appear to the right, select "Integrations" then select "Single Sign-On".

How to Setup Single Sign-On

To setup Single Sign-On please follow the instructions below. 

  1. Create a new SAML 2.0 app integration in your SSO tool. (If you are using ADFS, see below)
  2. When you're asked for the SSO URL, assertion URL or callback URL enter: https://api.planhat.com/samlassert/[Company name].
  3. When asked for audience URL or SP entity id enter: https://api.planhat.com/samlmetadata/[Company name].
  4. Create an attribute nameID which will contain the user's email.
  5. Access the Single Sign-On application in Planhat by following the instructions above. Then Submit the Issuer, Entry Point and the identity provider's public PEM-encoded X.509 signing certificate details. 

The image below is displaying the Single Sign-On page in Planhat where you need to enter these details.

Single Sign-On Setup via Active Directory Federation Services (ADFS)

Those using Windows Server will need to create a Relying Party Trust.  To create a Relying Party Trust you need to do the following in your ADFS admin panel.

  1. Click "Add new relying party trust".
  2. Choose "Enter data about relying party manually".
  3. Choose "ADFS profile".
  4. Choose "Enable support for SAML 2.0" and enter: https://api.planhat.com/samlassert/[Company name]
  5. Add https://api.planhat.com/samlmetadata/[Company name] as relying party trust.
  6. Create attribute nameID which will contain user email.
  7. Submit issuer (your_org), entry point (https://[adfs_subdomain],[your_org_domain]/adfs/ls/) and public certificate on this page.

Important things you should know about Single Sign-On 

  • If the SSO integration is active (turned on), other sign in methods won't work.
  • Planhat SSO expects that users have already been created in Planhat. It will not automatically create new users.
  • Users or groups have to be assigned to the SAML application on the identity provider's side to be able to use SSO.
  • If a person signs into Planhat via SSO, then logs out from Planhat they will not be automatically logged out from their identity provider.
  • We only support one SSO per tenant.
  • The Planhat token for SSO is valid for 1 day.

Did this answer your question?