Integration with Identity Providers
Overview
In addition to the “out of the box” SSO solution that Clarizen provides via the integration with OneLogin, we also provide the infrastructure to enable you to integrate with any other SAML2 compliant identity provider.
To integrate a SAML-based SSO…
- Configure the SAML end point within Clarizen
  - Go to Settings -> Global Settings -> Federated Authentication
  - Enable the "use Federated Authentication" checkbox
  - Set the SAML end point (i.e. sign in URL)
    - Should be provided by the specific Identity Provider solution
  - Set the Certificate
    - Should be exported for the specific Identity Provider solution
    - .pem certificate format is supported
    - Certificate signing algorithm should be SHA-1
- Configure your identity provider (note: each identity provider may use different terms for the parameters)
  - Configure your Clarizen SAML end point to be https://app2.clarizen.com/Clarizen/Pages/Integrations/SAML/SamlResponse.aspx
  - Ensure that the Clarizen SAML ID for each of your identity provider’s relevant users matches that user's Clarizen user name.
    - If you can choose the Output Claim Name in your provider, choose “Name ID”
    - Usually the Identity Provider enables you to configure this through some type of rule (e.g. the user’s email)
  - The Entity ID parameter (required by some Identity Providers) should be ‘Clarizen’
- Access to Clarizen via SSO is through a special link and not via the Clarizen login page
  - Once the federated authentication settings are defined within Clarizen, this link will be added to the Clarizen login page under the login section
  - The link will be presented in this format: https://app2.clarizen.com/Clarizen/Pages/Integrations/SAML/SamlRequest.aspx?EntityId=999999, where 999999 is the internal ID of your Clarizen account
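A configuration check for the settings above, as an added example that is not Clarizen's own code: it reads a decoded SAML response from an identity provider test login and reports where it disagrees with the end point, Entity ID and Name ID rules. It assumes the Entity ID appears as the assertion's Audience and that user names are compared exactly; the sample response and user names are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values taken from the steps above.
ACS_URL = ("https://app2.clarizen.com/Clarizen/Pages/Integrations/"
           "SAML/SamlResponse.aspx")
ENTITY_ID = "Clarizen"

# Constructed sample: an unsigned response as an IdP test tool might show it.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://app2.clarizen.com/Clarizen/Pages/Integrations/SAML/SamlResponse.aspx">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>Clarizen</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, clarizen_usernames):
    """Return a list of mismatches between a decoded SAML response and the
    settings described above. Configuration check only: the signature is
    not verified here."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the Clarizen SAML end point")
    audiences = [a.text.strip()
                 for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audiences and ENTITY_ID not in audiences:  # only some IdPs send it
        problems.append("Audience does not contain Entity ID 'Clarizen'")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not value:
        problems.append("no Name ID in the assertion")
    elif value not in clarizen_usernames:  # assumption: exact comparison
        problems.append("Name ID %r matches no Clarizen user name" % value)
    return problems


if __name__ == "__main__":
    users = {"jane.doe@example.com"}  # constructed Clarizen user names
    print(check_response(SAMPLE, users) or "settings match")
    print(check_response(SAMPLE, {"jdoe"}))
```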
Automatic Provisioning
Please note that the SSO solutions explained above do not solve the issue of provisioning. This means that you will have to handle the sync of users between your identity provider and Clarizen separately. This can be done either manually or automatically using the Clarizen SOAP API or using Clarizen’s User Sync tool.