Configuring SAML SSO for Clarizen
These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and Clarizen
Prerequisite
-
Log in to ADSelfService Plus as an administrator.
- Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select Clarizen from the applications displayed.
Note: You can also find Clarizen application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
-
Click IdP details in the top-right corner of the screen.
-
In the pop-up screen that appears, note down the values of Login URL , Logout URL. and download the metadata file by clicking on the Download Metadata .
Clarizen (Service Provider) configuration steps
-
Now, log in to your Clarizen administrator account.
-
Click on your profile picture present at the top right corner.
-
Under Profiles, select Full Admin. Then select Settings.
-
Navigate to Global Settings → Federated Authentication. Click Edit.
-
Toggle the Enable Federated Authentication to the on position.
-
Click Upload certificate, and choose the certificate (PEM) file you had saved in Step 4 of prerequisite.
-
In the Sign-in URL field, enter the Login URL value you had copied in Step 4 of Prerequisite.
-
In the Sign-out URL field, enter the Logout URL value you had copied in Step 4 of Prerequisite.
-
Click Save.
-
Again, click Federated Authentication: Edit…
-
You can now see the settings you saved along with the To login via SSO URL value. Note down the URL. This will serve as the SAML Redirect URL value that you need to enter while configuring Clarizen with ADSelfService Plus.
-
Click Save to exit the window.
ADSelfService Plus (Identity Provider) configuration steps
-
Now, switch to ADSelfService Plus’ Clarizen configuration page.
-
Enter the Application Name and Description.
-
In the Assign Policies field, select the policies for which SSO need to be enabled.
Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
-
Select Enable Single Sign-On.
-
Enter the Domain Name of your Clarizen account. For example, if you use johndoe@thinktodaytech.com to log in to Clarizen, then thinktodaytech.com is the domain name.
-
In the SAML Redirect URL field, enter the URL you had copied in Step 11 of Clarizen configuration.
-
Choose the Name ID format that has to be sent in the SAML response. The Name ID format will specify the type of value sent in the SAML response for user identity verification.
-
Click Add Application.
Your users should now be able to sign in to Clarizen through ADSelfService Plus.
Note:
For Clarizen, both IDP and SP-initiated flows are supported.