Post

1 follower Follow
0
Avatar

Integration with Identity Providers

Overview

In addition to the “out of the box” SSO solution that Clarizen provides via the integration with OneLogin, we also provide the infrastructure to enable you to integrate with any other SAML2 compliant identity provider.

To Integrate a SAML based SSO…

  1. Configure the SAML end point within Clarizen
  • Go to Settings -> Global Settings -> Federated Authentication

  • Enable the "use Federated Authentication" checkbox

  • Set the SAML end point (i.e. sign in URL)

  • Should be provided by specific Identity Provider solution

  • Set the Certificate

  • Should be exported for the specific Identity Provider solution

  •  .pem  certification format is supported

  • Certificate signing algorithm should be SHA-1

 

  1. Configure your identity provider (note: each identity provider may use different terms for the parameters)
  • Configure your Clarizen SAML end point to be  https://app2.clarizen.com/Clarizen/Pages/Integrations/SAML/SamlResponse.aspx

  • Ensure that the Clarizen SAML ID for all of your identity provider’s relevant users matches that user's Clarizen user name.

  • In case you can choose the Output Claim Name in your provider, choose “Name ID”

    Usually the Identity Provider enables you to configure this through some type of rule (e.g. the user’s email)

  • The Entity ID parameter (required by some Identity Providers) should be ‘Clarizen’

  1. The Access to Clarizen via an SSO is through a special link and not via the Clarizen login page

Automatic Provisioning

Please note that the SSO solutions explained above do not solve the issue of provisioning. This means that you will have to handle the sync of users between your identity provider and Clarizen separately. This can be done either manually or automatically using the Clarizen SOAP API or using Clarizen’s User Sync tool.

Clarizen Team Answered

Please sign in to leave a comment.