Enabling SSO in Google Cloud Platform for Clarity

Article ID: 192888

Products

Clarity PPM SaaS

Issue/Introduction

This document describes the steps required to enable SSO for Clarity PPM SaaS customers in Google Cloud Platform (GCP).

Cause

This is an informational document.

Environment

Clarity SaaS Google Cloud Platform 

Resolution

Step 1 - Customer opens a Broadcom Support Case requesting SSO implementation for GCP

Step 2 - We ask customers to work with their security team to fill in the SSO Authentication Questionnaire and review the Clarity SaaS Federated SSO document

Step 2a - List Of Requirements and action items from customer

  • Completed Questionnaire 
  • Customer will create new IDP artifacts (Ex: Enterprise Application in Azure or new SAML Application in OKTA)
  • Existing Portal IDP setup will not be reused
  • Create IDPs for Production and Non Production Environments
    • 1 IDP for Production and 1 for all Non Production environments

Note: The customer IDP setup must share these three attributes:

        • firstName
        • lastName
        • email 

Step 3 – Broadcom team will generate the metadata and the SP-initiated information PDF and share them with the customer

Step 4 – Customer configuration of IDPs with service provider data 

 Step 4a Next Step for Customer

  • Customer configures the IDP artifacts with the Broadcom-provided Service Provider data for all environments (the SP metadata file and environment details were already provided by Broadcom in Step 3)
  • Make sure the RelayState information is added to the IDP configuration. RelayState is needed because Broadcom SSO has no default route to send the user to Clarity PPM

Step 4b Validation of SSO connectivity 

  • Customer validates SSO connection with Broadcom SSO environment

  • The test is successful when a user who logs in via SSO sees a PPM Login Prompt


    Note: Clarity PPM is not switched to Broadcom OKTA SSO Service at this point

  • If the validation fails, Customer will work with Broadcom Team to resolve SSO related issues

Note:

  • The validation will not impact login to Clarity; the existing login method for Clarity should still work
  • In Production, test with a new user who was not tested during Dev SSO validation

Step 5 – Once the testing is completed, the Broadcom Team will schedule putting the Clarity system behind SSO

 

Additional Information

Note: To enable SSO, the username in Clarity must be in email format; it is also the nameID attribute that comes from the customer IDP
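
A pre-flight check for the requirements in Step 2a, Step 4a and the note above, added here as an example and not Broadcom tooling: it inspects a SAML assertion captured from your own IDP test login for an email-format nameID, the three attributes, and a non-empty RelayState. The sample assertions and the RelayState URL are constructed, and the case-sensitive attribute match is an assumption.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRS = ("firstName", "lastName", "email")  # names taken from this article
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # loose shape check only


def check_assertion(assertion_xml, relay_state):
    """Return a list of problems; an empty list means every check passed.

    Inspects content only. It does not verify the XML signature, so use it
    on assertions captured from your own IDP test login, not as a validator.
    """
    problems = []
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()
    if not EMAIL_RE.match(name_id):
        problems.append(f"NameID {name_id!r} is not in email format")
    sent = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", "", NS).strip()
        sent[attr.get("Name")] = value
    for name in REQUIRED_ATTRS:  # exact, case-sensitive match (assumption)
        if not sent.get(name):
            problems.append(f"attribute {name!r} is missing or empty")
    if not (relay_state or "").strip():
        problems.append("RelayState is empty")
    return problems


def _assertion(name_id, attrs):
    """Build a constructed, unsigned sample assertion for the demo below."""
    rows = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
        "</saml:AttributeValue></saml:Attribute>" for k, v in attrs.items())
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
            f"<saml:AttributeStatement>{rows}</saml:AttributeStatement>"
            "</saml:Assertion>")


GOOD = _assertion("jdoe@example.com", {"firstName": "Jane", "lastName": "Doe",
                                       "email": "jdoe@example.com"})
BAD = _assertion("jdoe", {"firstName": "Jane", "email": "jdoe@example.com"})

if __name__ == "__main__":
    print(check_assertion(GOOD, "https://clarity.example.invalid/"))  # constructed URL
    for problem in check_assertion(BAD, ""):
        print("FAIL:", problem)
```

Use the RelayState value from the Broadcom-provided SP information in place of the constructed URL.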

Attachments

1591979244963__SSO Authentication Questionnaire.xlsx