Automatic Allocation of Requestor Licenses to New or Suspended Users via SSO Login

What's New

Note: This feature is in controlled availability, and will be released for general availability soon. To gain early access, contact your Customer Success Manager.

Users logging in via Single-Sign-On (SSO) without active Clarizen licenses, but are recognized by the organization's Identity Provider (IDP), will automatically receive Requester licenses.

The following users will receive a Requestor license, provided there are available Requestor licenses: 

  • Non-existent user - A new user will be created and the user will be logged in.
    The new user's credentials will be as follows:
    • The username will be based on the SSO name
    • The email will be based on either a SAML response, or if the organization domain exists, then with the format: username@organization_domain.com
      Note: If none of the above options exist, the user will not be created, and a message to contact the administrator will be displayed
    • First and last names will be based on SSO details if they exist, otherwise will be left blank
  • Suspended user - The user will be reactivated and a Requester license will be assigned irrespective  of the original license type

How it Works

Under Global SettingsFederated Authentication settings, fill in the required SSO settings, and then:

  • Select the Enable Requester Access checkbox to automatically provide licenses based on the rules above
  • Requester Access Profile - select the default Profile for new Requestor users

Best Practice

To avoid license quotas filling up, we recommend creating a Scheduled Workflow Rule to check when a user last logged in with a requester license, and then automatically revoke the license (remove any special permissions, and set the User Type to ‘None’), and suspend the user. For example, suspend all users with Requestor licenses that last logged in more than two weeks ago.

 

 

Have more questions? Submit a request

Comments