Using Okta for SSO

This guide will teach you how to configure SAML-based Single Sign-On with Okta for Clarity.

Estimated time to complete: 30 minutes

Before You Begin

To successfully configure Single Sign-On with Okta,  you'll need the following pre-requisites before you begin:

•  Admin access within your Okta instance
  •  Note: If you do not have admin access, reach out to your Okta admins for provisioning.
• Admin access within your Clarity Security tenant
  •  Note: If you are a full admin in Clarity Security and get a permission error when trying to add a new application, reach out to support@claritysecurity.io.

How to Setup the Connector

Step 1: Login to Okta:

Login to the Okta by heading to the URL below.

https://www.okta.com/login/

Step 2: Navigate to Your Org, then choose Applications from the left menu and click Create App Integration

Step 3: Choose SAML 2.0

Step 4: Name your App

"Clarity SSO Login" or "Clarity SSO App" will work. Pick something that will make it obvious as you will be assigning this application to everyone that you want to be able to login to Clarity

Step 5: Start Configuring the SAML Settings

Single sign-on URL = https://YOURDOMAIN.claritysecurity.io/saml2/okta/acs

Audience URI = https://YOURDOMAIN.claritysecurity.io/saml2/okta/metadata

Select "Persistent" for Name ID format and "Email" for Application username.

Step 6: Scroll down to Attribute Statements

Complete this attribute exactly as shown:

Step 7: Scroll down and click Next

Blue button at the bottom

Step 8: Choose "Customer", scroll to bottom and click "Finish"

Step 9: Click "View SAML setup instructions"

You might have to scroll down

Step 10: New Tab opens with required information

Leave this tab open, you'll be filling these values into Clarity's Settings for SSO

Step 11: Assign the new App to people in your organization

Assign to individuals or Groups. Everyone that will need to log in to Clarity must be assigned this application. If Okta is already connected in your Clarity instance, you may also run a sync and then assign the entitlement for this application utilizing Clarity's provisioning capabilities.

Step 12a: Connect Okta in Clarity (if you have not already)

Okta Connection instructions: https://help.claritysecurity.io/v1/docs/okta

During setup, choose "Yes" for the SSO Provider

Step 12b: If Okta is already connected, edit to set as your SSO provider

Step 13: Configure SSO Settings in Clarity

1. Toggle the Off - On to On

2. Choose Okta from the dropdown for SSO IDP

3. Entity ID is #2 Identity Provider Issuer from Step 10 above

4. Login URL is #1 from Step 10 above

5. Logout URL is the base URL domain from the Login URL

6. x509 Certificate is #3 from Step 10 above

Click "Save Edits" and you're all set. 

Step 14: Log Out of Clarity and you'll be prompted to log in via SSO

Need Help?