Using Okta for SSO
  • 22 Oct 2024


This guide will teach you how to configure SAML-based Single Sign-On with Okta for Clarity.

Estimated time to complete: 30 minutes

If you run into any problems, please contact your support team or support@claritysecurity.io.


Before You Begin

To configure Single Sign-On with Okta, you'll need the following prerequisites:

  • Admin access within your Okta instance

    • Note: If you do not have admin access, reach out to your Okta admins for provisioning.

  • Admin access within your Clarity Security tenant

    • Note: If you are a full admin in Clarity Security and get a permission error when trying to add a new application, reach out to support@claritysecurity.io.


How to Set Up the Connector

Step 1: Log in to Okta

Log in to Okta by heading to the URL below.

https://www.okta.com/login/

Step 2: Navigate to Your Org, then choose Applications from the left menu and click Create App Integration

Step 3: Choose SAML 2.0


Step 4: Name your App

"Clarity SSO Login" or "Clarity SSO App" will work. Pick a name that makes its purpose obvious, because you will be assigning this application to everyone you want to be able to log in to Clarity.

Step 5: Start Configuring the SAML Settings

Single sign-on URL = https://YOURDOMAIN.claritysecurity.io/saml2/okta/acs

Audience URI = https://YOURDOMAIN.claritysecurity.io/saml2/okta/metadata

Select Persistent for Name ID format and Email for Application username.

Step 5b: Single Logout Options

If you would like to configure your application for Single Logout, you will need to upload your public keys, which are generated automatically in the Clarity portal. Under Settings > SSO, click the button labeled "Download PEM Key".


Once you have your PEM key, upload it in the Okta application configuration by clicking "Browse Files". Then check the box for "Allow application to initiate Single Logout" and use:

Single Logout URL = https://YOURDOMAIN.claritysecurity.io/saml2/okta/sls

SP Issuer = https://YOURDOMAIN.claritysecurity.io/saml2/okta/metadata

Step 6: Scroll down to Attribute Statements

Complete this attribute exactly as shown:

Step 7: Scroll down and click Next

This is the blue button at the bottom.

Step 8: Choose "Customer", scroll to the bottom and click "Finish"

Step 9: Click View SAML setup instructions

This will be on the right side of the screen on the Sign On tab.

Step 10: Save or Record the values in the new tab

Record these values from the new tab; you will need them in a later step.

Step 11: Assign the new App to people in your organization

Assign to individuals or Groups. Everyone that will need to log in to Clarity must be assigned this application. If Okta is already connected in your Clarity instance, you may also run a sync and then assign the entitlement for this application utilizing Clarity's provisioning capabilities.


Step 12a: Connect Okta in Clarity (if you have not already)

Okta Connection instructions: Okta

During setup, choose Yes for the SSO Provider

Step 12b: If Okta is already connected, edit to set as your SSO provider

Step 13: Configure SSO Settings in Clarity

Head to Settings > SSO in Clarity and make the following changes:

  • Set the Off/On toggle (top right) to On

  • Choose Okta from the dropdown for SSO IDP

  • Entity ID - This is the Identity Provider Issuer from Step 10 above.

  • Login URL - This is the Identity Provider Single Sign-On URL from Step 10 above.

  • Logout URL - This is the Identity Provider Single Logout URL from Step 10 above.

  • x509 Certificate - This is the X.509 Certificate from Step 10 above.

Click Save Edits and you're all set. 
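A pre-flight check for the values exchanged in Steps 5, 5b, 10 and 13, added here as an example and not part of Clarity's or Okta's tooling. It derives the Okta-side URLs from the tenant name and sanity-checks the recorded IdP values; the function names, the placeholder hosts and the assumption that the certificate is pasted in PEM form (with its BEGIN/END lines) are this example's own.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Path suffixes are the ones given in Steps 5 and 5b of this guide.
SP_PATHS = {"Single sign-on URL": "acs", "Audience URI": "metadata",
            "Single Logout URL": "sls", "SP Issuer": "metadata"}
PEM_RE = re.compile(r"(?s)\s*-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----\s*")

def sp_urls(tenant):
    """Build the values typed into Okta from the tenant name (YOURDOMAIN)."""
    if not re.fullmatch(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?", tenant):
        raise ValueError("tenant must be a single DNS label, not a URL")
    base = f"https://{tenant}.claritysecurity.io/saml2/okta/"
    return {field: base + leaf for field, leaf in SP_PATHS.items()}

def cert_fingerprint(pem):
    """SHA-256 of the DER bytes in one PEM block, in openssl's AA:BB:.. style."""
    if not (match := PEM_RE.fullmatch(pem)):
        raise ValueError("expected one PEM CERTIFICATE block")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    if der[:1] != b"\x30":  # DER certificates start with a SEQUENCE tag
        raise ValueError("decoded data is not DER")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_idp_values(values):
    """Return problems found in the Step 10 values (empty list means none)."""
    problems = []
    if not values.get("Entity ID", "").strip():
        problems.append("Entity ID: empty")  # an identifier, so scheme is not checked
    for field in ("Login URL", "Logout URL"):
        url = urlsplit(values.get(field, "").strip())
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{field}: must be an https URL with a host")
    try:
        cert_fingerprint(values.get("x509 Certificate", ""))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        problems.append(f"x509 Certificate: {exc}")
    return problems

# Constructed sample input: placeholder hosts and bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82" + b"constructed sample, not a real certificate"
SAMPLE = {"Entity ID": "http://idp.example.com/abc123",
          "Login URL": "https://idp.example.com/sso/saml",
          "Logout URL": "https://idp.example.com/slo/saml",
          "x509 Certificate": "-----BEGIN CERTIFICATE-----\n"
          + base64.encodebytes(SAMPLE_DER).decode() + "-----END CERTIFICATE-----\n"}
```

The fingerprint can be compared with the output of `openssl x509 -noout -fingerprint -sha256 -in <file>` run on the certificate file saved from Okta, which confirms that the text pasted into Clarity is the same signing certificate.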

Step 14: Log Out of Clarity and you'll be prompted to log in via SSO


You can also skip the SSO login process and use your local Clarity credentials by adding /login to your tenant URL:

https://YOURDOMAIN.claritysecurity.io/login


Need Help?

If you have any problems, contact your customer success team. You can also get in touch with our general support team via email or open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.


