Using Azure AD for SSO
  • 02 May 2023
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Using Azure AD for SSO

  • Dark
    Light
  • PDF

Article summary

This guide will teach you how to configure SAML-based Single Sign-On with Azure AD for Clarity.

Estimated time to complete: 30 minutes

If you encounter any problems, please contact your support team or support@claritysecurity.io.

Before You Begin

To successfully configure Single Sign-On with Azure AD,  you'll need the following pre-requisites before you begin:

  1.  Admin access within your Azure AD instance
    •  Note: If you do not have admin access, contact your Azure AD admins for provisioning.
  2. Admin access within your Clarity Security tenant
    •  Note: If you are a full admin in Clarity Security and get a permission error when trying to add a new application, reach out to support@claritysecurity.io.

How to Setup the Connector

Step 1: Log in to Azure Portal:

Log in to the Azure Portal by heading to the URL below.

https://portal.azure.com

Step 2: Search for Azure Active Directory

Search for Azure Active Directory (AAD) and click the option.

Azure Active Directory

Step 3: Click Enterprise Applications

Click Enterprise Applications on the left side of the Azure Active Directory (AAD) page.

Enterprise Applications

Step 4: Click New Application

Click on New Application to add a new application to your AAD tenant.

Add New Application

Step 5: Click Create your own application

Click "Create your own application" to create a custom application for connecting to Clarity.

Create your own application

Step 6: Configure your new application

Create a name for your application and select "Integrate any other application you don't find in the gallery (Non-gallery).  Then click "Create" once you are done.

Configure the New Application

Step 7: Click Setup Single sign-on

Click "Setup single sign-on" or Single sign-on" on the side of the screen.

Setup Single Sign-On

Step 8: Choose SAML

Click the SAML button to start the SAML setup process.

Choose SAMLStep 9: Configure Basic SAML

Configure the Basic SAML page using the information below.

  • Identifier (Entity ID): https://yourtenant.claritysecurity.io/saml2/aad/metadata
  • Reply URL: https://yourtenant.claritysecurity.io/saml2/aad/acs
  • Sign on URL: Leave blank
  • Replay State: Leave blank
  • Logout URL: https://yourtenant.claritysecurity.io/saml2/aad/sls

You must replace "yourtenant" with the sub-domain from your Clarity tenant.

Configure Basic SAML

Step 10: Double check the entries and hit Save

Confirm all the entries for Basic SAML Configuration and hit save.

Step 11: Download the Base64 SAML Certificate

Step 12: Copy the Login URL & Azure AD Identifier for later use

Step 13: Assign Users and/or Groups

Step 14: Log in to your Clarity Portal

https://yourdomain.claritysecurity.io 

Step 15a: Connect Azure AD in Clarity (if you have not already)

Azure AD Connection Instructions: https://help.claritysecurity.io/v1/docs/azure-active-directory

Screenshot 2023-04-04 at 3.43.47 PM

Step 15b: If Azure AD is already connected, edit this Application to set it as your SSO provider

Screenshot 2023-04-04 at 3.44.12 PM

Step 16: Configure SSO Settings in Clarity

1. Toggle the Off - On to On

2. Choose Azure Active Directory (aad) from the dropdown for SSO IDP

3. Entity ID is line 2 Azure AD Identifier from Step 12 above

4. Login URL is line 1 from Step 12 above

5. Logout URL is line 3 from Step 12

6. x509 Certificate is what you downloaded in Step 11. Open it with a text-editor, copy & paste.

Click "Save Edits", and you're all set. 


Step 17: Log Out of Clarity, and you'll be prompted to log in via SSO

You're all set! 

Need Help?

If you have any problems, contact your customer success team. You can also get in touch with our general support via email, open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.



Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.