Much like Downstream Applications connected to Clarity, the entitlements listed under the Clarity Application are used to define access to Clarity itself. Clarity has several entitlements, each capable of granting a different type or level of access to the application. Some entitlements can be granted automatically when a user logs in with SSO for the first time; see the section below for details: Granting Access.
The entitlements listed below serve a function in Clarity and provide some level of access or permissions in Clarity. Please see the section below regarding granting someone access to Clarity.
- Access Certification Admin - Remediate and finalize Access Reviews. Allows the Identity to be a fall-back reviewer when no Supervisor/Owner is available. This also grants them the ability to view items not assigned to them as a Reviewer. They cannot Approve/Deny review items not assigned to them.
- Admin - Grants access to all facets of Clarity.
- Base User - This is required for a user to log in to Clarity, but does not grant any other access. If a user had only this access, they would see nothing in the sidebar.
- Clarity Base Entitlement - This entitlement does not have a function and is not automatically added to users in Clarity. It can be safely ignored.
- End User - This is the lowest level of access for an account in Clarity, granting access to only the Self-Service Portal (only "Request New Access").
- Manager - Grants access to Self-Service options: "Manage Subordinates", "New Worker", and "Perform User Access Review". Manager entitlement is required to perform User Access Reviews. When using the "New Worker" function, the selection of Organizational Units is limited to the Manager's own Organization Units and those of their existing subordinates.
Entitlements currently not in use
The entitlements listed below do not serve a function in Clarity but are related to upcoming features.
Currently not in use:
- Read All
Grant Clarity Login
When you click the "Grant Clarity Login" button depicted below (found on the Identity page for the individual user), the account is enabled to log in by being granted the "Base User" and "End User" entitlements (see above).
If email is enabled for your tenant, an email will be sent to the email address for the Identity with their password.
If email is not enabled, then you can click the Edit Profile button (or pencil icon) to set a password for other users. The user will need to change their password once they log in.
First-time login with SSO
If you have SSO correctly configured for Clarity, a user's first login proceeds as follows:
- User attempts to log in to Clarity, which redirects to the SSO provider of your choice. The user enters their credentials into this service.
- SSO Provider either approves or denies the login attempt (based on group membership), and tells Clarity whether the login was successful.
- Clarity will add the "Base User" and "End User" entitlements, and add the user to the list of accounts with the ability to log in.
- Clarity will also grant "Manager" entitlement if the user is assigned as a Reviewer on any Access Reviews (at the time of first login only).
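Because "Manager" is granted only at first login, an identity made a Reviewer later will lack the entitlement the page says is required to perform User Access Reviews. The following added example (not Clarity's own code or API) audits a snapshot of accounts for that and the other non-functional states described above; the record layout and the names `ACCOUNTS`, `REVIEWERS`, `first_login_grants` and `audit` are assumptions, and only the entitlement names come from this page.

```python
# Entitlement names are from the page; the data layout is a hypothetical export.
BASE, END, MANAGER, ADMIN = "Base User", "End User", "Manager", "Admin"

# Constructed sample data (not real Clarity output).
ACCOUNTS = {
    "alice": {BASE, END, MANAGER},
    "bob": {BASE, END},        # assigned as Reviewer after first login
    "carol": {END, MANAGER},   # Base User missing
    "dave": {BASE},            # Base User only
    "erin": {BASE, ADMIN},
}
REVIEWERS = {"alice", "bob"}   # identities assigned as Reviewer on an Access Review


def first_login_grants(is_reviewer):
    """Entitlements the page says Clarity adds on a first SSO login."""
    grants = {BASE, END}
    if is_reviewer:  # evaluated at the time of first login only
        grants.add(MANAGER)
    return grants


def audit(accounts, reviewers):
    """Return {user: [findings]} for states the page flags as limiting or broad."""
    findings = {}
    for user, ents in sorted(accounts.items()):
        notes = []
        if BASE not in ents:
            notes.append("no Base User: cannot log in")
        elif ents == {BASE}:
            notes.append("Base User only: nothing in the sidebar")
        if user in reviewers and MANAGER not in ents:
            notes.append("Reviewer without Manager: cannot perform User Access Review")
        if ADMIN in ents:
            notes.append("Admin: access to all facets, confirm it is intended")
        if notes:
            findings[user] = notes
    return findings


if __name__ == "__main__":
    for user, notes in audit(ACCOUNTS, REVIEWERS).items():
        print(f"{user}: " + "; ".join(notes))
```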
If you have any problems, contact your customer success team. You can also get in touch with our general support via email or by opening a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.