Identity Provider (IdP) setup

In this section you should consult the topic for Planning Space tenant configuration, and also the topic for the specific server/service that you will setting up as an IdP.

For version 16.5 Update 7 and later: Interactions between IPS Server and external IdP servers are logged in the 'TenantAuthentication' log file.

For version 16.5 Update 12 and later: Automatic provisioning of SAML2 tenant user accounts is possible based on the Identity Provider. This means that a new tenant user account can be created automatically when a user logs in to Planning Space for the first time using an account that is defined (and enabled to access Planning Space) by the Identity Provider's domain authentication services. It is also possible to externally control the Planning Space user's membership of workgroups - by editing the user's domain account the Planning Space SAML2 account will synchronize whenever the user logs in to Planning Space. For configuration details see Automatic provisioning of tenant user accounts.

For version 16.5 Update 16 and later: Support is provided for Planning Space client logins that are initiated by the IdP server. This allows sign-ins from an IdP web portal/gateway page (which will typically display a list of available service providers), if this is supported by the IdP.