Using Azure AD for SSO
  • 02 May 2023

Article Summary

This guide will teach you how to configure SAML-based Single Sign-On with Azure AD for Clarity.

Estimated time to complete: 30 minutes

If you encounter any problems, please contact your support team or support@claritysecurity.io.

Before You Begin

To configure Single Sign-On with Azure AD, you'll need the following prerequisites:

  1. Admin access within your Azure AD instance
    • Note: If you do not have admin access, contact your Azure AD admins for provisioning.
  2. Admin access within your Clarity Security tenant
    • Note: If you are a full admin in Clarity Security and get a permission error when trying to add a new application, reach out to support@claritysecurity.io.

How to Setup the Connector

Step 1: Log in to Azure Portal

Log in to the Azure Portal by heading to the URL below.

https://portal.azure.com

Step 2: Search for Azure Active Directory

Search for Azure Active Directory (AAD) and click the option.

Azure Active Directory

Step 3: Click Enterprise Applications

Click Enterprise Applications on the left side of the Azure Active Directory (AAD) page.

Enterprise Applications

Step 4: Click New Application

Click on New Application to add a new application to your AAD tenant.

Add New Application

Step 5: Click Create your own application

Click "Create your own application" to create a custom application for connecting to Clarity.

Create your own application

Step 6: Configure your new application

Create a name for your application and select "Integrate any other application you don't find in the gallery (Non-gallery)". Then click "Create" once you are done.

Configure the New Application

Step 7: Click Setup Single sign-on

Click "Setup single sign-on" or "Single sign-on" on the side of the screen.

Setup Single Sign-On

Step 8: Choose SAML

Click the SAML button to start the SAML setup process.

Choose SAML

Step 9: Configure Basic SAML

Configure the Basic SAML page using the information below.

  • Identifier (Entity ID): https://yourtenant.claritysecurity.io/saml2/aad/metadata
  • Reply URL: https://yourtenant.claritysecurity.io/saml2/aad/acs
  • Sign on URL: Leave blank
  • Relay State: Leave blank
  • Logout URL: https://yourtenant.claritysecurity.io/saml2/aad/sls

You must replace "yourtenant" with the sub-domain from your Clarity tenant.

Configure Basic SAML

Step 10: Double check the entries and hit Save

Confirm all the entries for Basic SAML Configuration and hit save.

Step 11: Download the Base64 SAML Certificate

Step 12: Copy the Login URL & Azure AD Identifier for later use

Step 13: Assign Users and/or Groups

Step 14: Log in to your Clarity Portal

https://yourdomain.claritysecurity.io 

Step 15a: Connect Azure AD in Clarity (if you have not already)

Azure AD Connection Instructions: https://help.claritysecurity.io/v1/docs/azure-active-directory

Step 15b: If Azure AD is already connected, edit this Application to set it as your SSO provider

Step 16: Configure SSO Settings in Clarity

1. Set the Off/On toggle to On

2. Choose Azure Active Directory (aad) from the dropdown for SSO IDP

3. Entity ID is line 2 (Azure AD Identifier) from Step 12 above

4. Login URL is line 1 from Step 12 above

5. Logout URL is line 3 from Step 12

6. x509 Certificate is what you downloaded in Step 11. Open it with a text editor, then copy and paste the contents.

Click "Save Edits", and you're all set. 
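
The following Python is an added example, not part of Clarity's documentation or code. It builds the Step 9 values from a tenant sub-domain and checks that the text of the Step 11 download is one complete certificate block before it is pasted in Step 16. The function names, the tenant name `acme` and the sample blob are constructed for illustration, and the single-label sub-domain rule is an assumption.

```python
import base64
import hashlib
import re

# Assumption: a Clarity tenant sub-domain is a single DNS label.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
_PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def clarity_saml_urls(tenant):
    """Build the Step 9 Basic SAML values for one tenant sub-domain."""
    tenant = tenant.strip().lower()
    if tenant == "yourtenant" or not _LABEL.match(tenant):
        raise ValueError(f"not a usable tenant sub-domain: {tenant!r}")
    base = f"https://{tenant}.claritysecurity.io/saml2/aad"
    return {
        "Identifier (Entity ID)": base + "/metadata",
        "Reply URL": base + "/acs",
        "Logout URL": base + "/sls",
    }

def check_certificate_text(text):
    """Check the Step 11 file is one complete certificate; return its fingerprints."""
    if "PRIVATE KEY" in text:
        raise ValueError("private key material present; never paste this")
    blocks = _PEM.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate block, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    # A certificate is a DER SEQUENCE (tag 0x30) whose length spans the whole blob.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: length in one byte
        n, length = 0, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        length = int.from_bytes(der[2:2 + n], "big") if n else -1
    if 2 + n + length != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}

# Constructed sample: a tiny DER SEQUENCE standing in for a real certificate.
SAMPLE_DER = bytes.fromhex("3006020101020102")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(clarity_saml_urls("acme"))       # "acme" is a constructed tenant name
    print(check_certificate_text(SAMPLE_PEM))
```

Comparing the returned fingerprints for the downloaded file and for the text copied into the x509 Certificate field confirms nothing was lost or altered in the copy.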


Step 17: Log Out of Clarity, and you'll be prompted to log in via SSO

You're all set! 

Need Help?

If you have any problems, contact your customer success team. You can also get in touch with our general support via email or open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.


