Common App Configuration Steps

Configure Applications

This is a detailed explanation of the options available in every Application Configuration

Step 1 - Connect App

See the description of each field and option below.

Application: This is the application name that you selected from the Marketplace screen.

Application Specific Fields:  These fields differ from app to app, as different apps may need more or less information (compared to the AWS example above) in order to complete the API connection and authentication.

Name: This is the human readable name for your application.

Unique Identifier: Use this identifier to distinguish between each connector.  If you are only connecting to each application once, then you can typically leave this as default.  However if you are connecting to multiple instance of the same application (such as multiple on-premise databases), you will need to create a different unique identifier for each database connection.

Access Via:

• API: This connection type should be selected for most, if not all, SaaS applications.
• Clarity Connect (on-prem Connector): Select this for any applications (ex: Databases, Active Directory) that you have on premise and wish to be connected to Clarity.
• Manual (not recommended): This would require the manual upload of data from CSV. This is not recommended unless you are regularly uploading CSVs representing your application data.

Validate button: Clicking the validate button triggers a one time communication with the API endpoint to verify the connection is valid.  If this succeeds, then Entitlements will be imported for the next step (Default Entitlement for New Users).

Step 2 - App Settings

See the description of each field and option below.

Sync Options:

This is the frequency that you would like the application to check for changes.  This can be set to Manual, every 30 minutes, Hourly, Every Four Hours, Every six Hours, Daily, Weekdays, Weekends, Weekly, Monthly.

App Owner: You can select and Identity from Clarity to serve as the Application Owner.

Default Entitlement for New Users: Select an Entitlement for New Users to the application to automatically receive.

Trust Relationship:

• This is a source of truth: Select this option for all your sources of truth which have some of your Identities. This is typically HR applications or enterprise Active Directory applications.
• Recipient only (most SaaS apps): Apps like Zoom which does not act as a source of identities. This is a common selection for most SaaS applications. This will be the only option available for most SaaS applications.

Trust Permission:

• Read Only: The application is only permitted to read the data from the application connection, no data is ever written back to the source.
• Read + Provision/De-provision Entitlements (No User Creation): Clarity is permitted to read information from the source as well as adding or removing access to Entitlements when users are hired or terminated, but will not create new Users in your applications.
• Read + Provision/De-provision Entitlements and Users: Clarity is permitted to read information from the source as well as adding or removing access to Entitlements when users are hired or terminated, and will create new Users in your applications where applicable.
• Write: Similar to Read + Provision/Deprovision above, however Clarity can also write Attributes back to the source.

Step 3 - User Settings

See the description of each field and option below.

Allow Automatic account creation: Setting this to "Yes" would allow users to request access from the Self-Service Portal and be automatically approved.

This application is the SSO provider for your organization: This option lets you tell Clarity that this application acts as the Single Sign On for your organization.

Allow user login through external identity provider: Use this to indicate the user log in to this application using another service (such as Okta, Azure SSO, etc.).

Deactivate users on termination: When Clarity determines that a user has been terminated, select Yes here to keep the account in the application but in an inactive state (not supported by all connectors).  This is often required for audit compliance.

Delete users on termination: Set this option to Yes if you want the user account to be completely deleted from the application when Clarity determines the Identity has been terminated.

Save: Clicking the Save button will trigger the first full sync for your application (even if you selected Manual syncing).  This includes Service Users, Entitlements, Service User Entitlements, Service User Attributes.

Need help?