This article contains the steps to create an Okta Tenant Admin account and the necessary configuration steps.
These steps are required because a Clarity user cannot be an Okta Tenant Admin. Clarity users are added to a non-MFA (Multi-Factor Authentication) group, whereas in Okta the Tenant Admin needs to be in an MFA group.
Clarity PPM SaaS Environments in GCP
Procedure for Tenant Admin creation by Broadcom
As part of the SSO on-boarding process, the customer will provide the email addresses of the administrators that are designated as Tenant Administrators.
Broadcom will provision a new account in Okta by appending -admin to the username. For example, if the customer provides [email protected], Broadcom will generate a new account as [email protected] while keeping the email as [email protected].
Broadcom will assign “Admin” privileges to the new user account in the “Self Service” Portal for the specific customer group(s).
Procedure to activate the account, log in to Broadcom Okta as Administrator, and manage users - to be followed by the customer Administrator
Note: The customer should not add the new administrator account with the “-admin” suffix to their IDP. Once the new admin account accesses Broadcom Okta via SSO, the MFA (Multi-Factor Authentication) challenge is removed, because the administrator is logging in via the customer IDP. Admin privileges, however, need MFA authentication. For this reason, make sure the administrator account is not accessing the system via IDP SSO login.