Enrolling in Planview ID is as simple as contacting Customer Care to request that your organization be enrolled!
Before we dive deeper these are the benefits that you can expect to receive from Planview ID:
- A centralized user management experience for your organization's administrators to view and manage users' access across all Planview products
- The ability to keep your users in sync across all Planview products
- A single username and password for users across all Planview products
- One time setup of Single Sign-On for use with all Planview products
PVID is an authentication platform that allows organizations to provide a shared login experience for their users by unifying user access to Planview products. Similar to using single sign-on, users will be able to seamlessly access multiple Planview products from a single point of access. If your organization uses SSO, then your users' experiences will be largely unchanged (see Using PVID with SSO for more information).
Once PVID is configured and activated for your users, when they sign in they will see a set of "tiles" that represent the products they have access to. Clicking the tile launches the application; alternatively products can still be reached directly from product URLs.
Organizations using Planview ID need at least one administrator (referred to as the "customer admin") to facilitate connecting products and administering users.
The audience for these Planview ID topics is customer administrators for Planview ID (PVID). PVID customer administrators are responsible for granting users access to appropriate Planview products, as well managing usernames and passwords, and SSO configuration for organizations who use it. They can designate additional administrators to back them up or share the work.
To ensure we are all on the same page, some definitions:
- PVID Customer - an organization that has access to PVID
- Tenant - A customer's product instance. For example, a PPM Pro production instance and a PPM Pro sandbox instance would be 2 tenants for the same customer. A Projectplace instance is another tenant.
- Customer admin - PVID user with permission to connect products and manage users, who is also an admin in the tenant instance.
- Mapped user - A tenant user whose user record has been connected with PVID. Will show up in the PPM Pro/PP "Mapped Users" tab.
- Unmapped user - A user whose tenant user record is not connected to PVID either because they do not have a tenant email address at all (so can't map to any product instance), or their email address in PVID does not match the email in the connected product instance, or they have an email address that is in use by other users (note that the latter 2 scenarios typically occur when you connect additional tenants). Will show up in the PPM Pro/PP "Unmapped Users" tab.
- Active/Inactive users - An Active user has completed the PVID registration process by supplying a password requested in the automated email that was sent to the user inviting them to create a PVID account. Users are inactive until the registration process is complete. For SSO users, the email will include a link that will directly log the user in to the target product instance once validation is received from their IDP.
Before connecting any products with Planview ID it is critical that you ensure all users/resources have email addresses configured in the product that you are connecting.
Notify Customer Care that your organization would like to use PVID. Planview will help you provision a customer administrator, who then does the following:
- Log in to the PVID console and familiarize yourself with it, perhaps peruse the doc!
- Communicate to end users that they will be invited to create an account.
- Add a product (PPM Pro and/or Projectplace). Adding a product automatically imports all active users that have email addresses configured from the target product and sends the account creation invitation email. See Adding a Product to Planview ID.
- For SSO users, the email will include a link that will directly log the user in to the target product once validation is received from their IDP.
- For non-SSO users, a popup appears prompting for a new password to complete the registration.
- Review mapped/unmapped users.
- Optionally configure SSO. See below or Using PVID with SSO.
- Activate Planview ID. See Activating/Deactivating Planview ID.
- Ongoing: when tenant users are added/deleted/made inactive, the system does an automatic sync every hour. You can sync on-demand by clicking the Sync Users option from the menu on the product tile, or you can click Manage Product and then click the Sync Users button in the tenant user page.
Prior to connecting a product - PPM Pro or Projectplace - it's a good idea to take a look at the respective product's resource records and check that they have email addresses. The system will use email addresses to map users to products. It's cleanest if PPM Pro and Projectplace users have the same email address. However, if a user has a different email for each product, you can resolve by mapping.
Setting Up SSO
If your organization already uses SSO, please do the following:
- Your IT department (or whoever is responsible for SSO in your organization) will need to set up a new application against the Planview ID IDP metadata located at:
- In the "Reply URL" field in your IDP configuration (often referred to as "Assertion Consumer Service URL"), the following value should be configured:
- Once the new application has been set up in your SSO provider navigate to the Settings tab in Planview ID.
- Enable SSO by sliding the toggle to the right. You'll see two radio buttons that provide options for getting the SAML meta data.
- Choose to either:
- Enter the URL to download SAML meta data. If a URL is provided, the metadata will be refreshed every 24 hours.
- Enter SAML metadata XML manually. After saving the configuration, the metadata XML is downloaded from the URL and used to connect to the IDP.
- Optionally enter a SAML Username Attribute.