Integrate Planhat with Conditional Access

In this topic, you will find general instructions on how to integrate Planhat with Portnox™ Conditional Access for Applications.

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with Planhat.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Applications option.

  3. On the Applications screen, click on the Add application button, and select the Add new SAML application option.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this application section.
  5. In the Application details section, enter an Application name and optionally a Description.

    In this example, we used the name Planhat for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Open your Planhat security settings

In this section, you will access the Planhat administrative interface and find the security settings page, which includes settings for single sign-on (SSO).

  1. In another tab of your browser, open Planhat by logging in on the https://app.planhat.com/login page.

    From now on, we will call this tab the Planhat tab.

  2. In the left-hand side menu, hover your mouse pointer over your user icon in the bottom-left corner, and then select the Security option from the context menu. Then, scroll the Security pane down to the SINGLE SIGN-ON section.

Copy configuration values from the Portnox tab to the Planhat tab

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the Planhat SAML SSO setup section.

  1. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Identity Provider Entity ID / Audience URI field to copy the value.

  2. In the Planhat tab, click on the empty field under the Issuer || Audience URI || SP Entity ID label and paste the value copied from Portnox Cloud.

  3. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Sign-In URL / SSO URL field to copy the value.

  4. In the Planhat tab, click on the empty field under the Entry Point || Reply URL || Assertion URL || SSO URL label and paste the value copied from Portnox Cloud.

  5. In the Portnox tab, in the Certificates > Signing certificates section, click on the  ⋮  icon next to the Active certificate and select the Copy certificate option to copy the certificate.

  6. In the Planhat tab, click on the empty field under the Identity Provider's Public Signing Certificate label and paste the value copied from Portnox Cloud.

Copy configuration values from the Planhat tab to the Portnox tab

In this section, you will copy the values displayed in the Planhat SSO setup section, and paste them in the relevant fields in Portnox Cloud.

  1. In the Planhat tab, click on the Show Instruction link to display configuration values that are specific for your Planhat tenant.

  2. In the Planhat tab, select the URL listed in item 3 and use your operating system’s copy shortcut to copy the value to the clipboard.

  3. In the Portnox tab, in the Application properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and paste the value copied from Planhat.

  4. In the Planhat tab, select the URL listed in item 2 and use your operating system’s copy shortcut to copy the value to the clipboard.

  5. In the Portnox tab, in the Application properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and paste the value copied from Planhat.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and Planhat.

  1. Finalize the configuration in the Portnox tab
    1. Optional: In the POLICY ASSIGNMENTS section, change the setting to Application-based and then select an access control policy and a risk assessment policy if you want to control access to this application without using groups.
    2. Scroll all the way down to the end of the page, and then click on the Save button.

  2. Finalize the configuration in the Planhat tab
    1. In the Initiator field, select the Service Provider (SP) and Identity provider (IdP) option.

    2. In the Disable SAML AuthnContext field, select the Yes option.

    3. In the Users that are allowed to use username&password or "Sign in with Google" when SSO is turned on field, select an administrator or administrators who should be able to log in using methods other than Conditional Access.

      Note: We recommend that you select at least one administrator before testing the configuration to make sure that you do not lock yourself out of the application if you make a mistake while configuring the integration.
    4. Click on the Save button to save the configuration.

Result: You have configured Planhat to be accessible using Portnox Conditional Access for Applications.