Users logging in via Single-Sign-On (SSO) without active Clarizen licenses, but are recognized by the organization's Identity Provider (IDP), will automatically receive Requester licenses.
The following users will receive a Requestor license, provided there are available Requestor licenses:
- Non-existent user - A new user will be created and the user will be logged in.
The new user's credentials will be as follows:
- The username will be based on the SSO name
- The email will be based on either a SAML response, or if the organization domain exists, then with the format: username@organization_domain.com
Note: If none of the above options exist, the user will not be created, and a message to contact the administrator will be displayed
- First and last names will be based on SSO details if they exist, otherwise will be left blank
- Suspended user - The user will be reactivated and a Requester license will be assigned irrespective of the original license type
How it Works
Under Global Settings > Federated Authentication settings, fill in the required SSO settings, and then:
- Select the Enable Requester Access checkbox to automatically provide licenses based on the rules above
- Requester Access Profile - select the default Profile for new Requestor users
To avoid license quotas filling up, we recommend creating a Scheduled Workflow Rule to check when a user last logged in with a requester license, and then automatically revoke the license (remove any special permissions, and set the User Type to ‘None’), and suspend the user. For example, suspend all users with Requestor licenses that last logged in more than two weeks ago.