- 25 Apr 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
Using Okta for SSO
- Updated on 25 Apr 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
This guide will teach you how to configure SAML-based Single Sign-On with Okta for Clarity.
Estimated time to complete: 30 minutes
Before You Begin
To successfully configure Single Sign-On with Okta, you'll need the following pre-requisites before you begin:
- Admin access within your Okta instance
- Note: If you do not have admin access, reach out to your Okta admins for provisioning.
- Admin access within your Clarity Security tenant
- Note: If you are a full admin in Clarity Security and get a permission error when trying to add a new application, reach out to support@claritysecurity.io.
How to Setup the Connector
Step 1: Login to Okta:
Login to the Okta by heading to the URL below.
Step 2: Navigate to Your Org, then choose Applications from the left menu and click Create App Integration
Step 3: Choose SAML 2.0
Step 4: Name your App
"Clarity SSO Login" or "Clarity SSO App" will work. Pick something that will make it obvious as you will be assigning this application to everyone that you want to be able to login to Clarity
Step 5: Start Configuring the SAML Settings
Single sign-on URL = https://YOURDOMAIN.claritysecurity.io/saml2/okta/acs
Audience URI = https://YOURDOMAIN.claritysecurity.io/saml2/okta/metadata
Select "Persistent" for Name ID format and "Email" for Application username.
Step 6: Scroll down to Attribute Statements
Complete this attribute exactly as shown:
Step 7: Scroll down and click Next
Blue button at the bottom
Step 8: Choose "Customer", scroll to bottom and click "Finish"
Step 9: Click "View SAML setup instructions"
You might have to scroll down
Step 10: New Tab opens with required information
Leave this tab open, you'll be filling these values into Clarity's Settings for SSO
Step 11: Assign the new App to people in your organization
Assign to individuals or Groups. Everyone that will need to log in to Clarity must be assigned this application. If Okta is already connected in your Clarity instance, you may also run a sync and then assign the entitlement for this application utilizing Clarity's provisioning capabilities.
Step 12a: Connect Okta in Clarity (if you have not already)
Okta Connection instructions: https://help.claritysecurity.io/v1/docs/okta
During setup, choose "Yes" for the SSO Provider
Step 12b: If Okta is already connected, edit to set as your SSO provider
Step 13: Configure SSO Settings in Clarity
1. Toggle the Off - On to On
2. Choose Okta from the dropdown for SSO IDP
3. Entity ID is #2 Identity Provider Issuer from Step 10 above
4. Login URL is #1 from Step 10 above
5. Logout URL is the base URL domain from the Login URL
6. x509 Certificate is #3 from Step 10 above
Click "Save Edits" and you're all set.
Step 14: Log Out of Clarity and you'll be prompted to log in via SSO
Need Help?
If you have any problems, contact your customer success team. You can also get in touch with our general support via email, open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.