Add a Non-Federated user in Okta

book

Article ID: 195652

calendar_today

Updated On:

Products

Clarity PPM SaaS

Issue/Introduction

Non-Federated user creation in Okta. If you require a non-federated user to access your New User Experience SaaS instance then that user needs to be created in Broadcom’s Okta tenant by your Okta tenant admin. This article will provide you with the steps on how to do that. 

Environment

Release : 15.8+ using SSO

Component : Clarity SaaS/GCP environments

Resolution

Step 1: Create the user in Classic Clarity

From Classic Clarity, create the non-federated user via the “Resources” section under Administration.

The username format must be a valid email address.
 

Step 2: Okta tenant administrator log in to Broadcom’s Okta administration site

Site: http://avagoext.okta.com

The tenant administrator should be the same user identified in “Information needed to enable Federated SSO in Clarity SaaS” and should use the same login credentials established when registering in Okta.
 

Step 3. Navigate to the Admin link on the top right of the page.

 

Step 4. Complete the multi-factor authentication.

Step 5. Navigate to People under the Directory menu.

 

Step 6. Click on Add Person

Click on Add Person to create the non-federated user.
 

Step 7. Populate the user information for non-federated users

Some key information you should remember is shared below:
 
  • Users must have a valid email address and must be the same as the username in Clarity.
  • Ensure the “Send user activation email now” is checked.
  • When adding a user in Okta in Directory --> Groups menu the Admin has to assign to one of the groups Admin has access to. If Admin starts typing “Clarity” in  Groups name, one would see the Okta User Group names like ClarityPPM.myorg.cppmXXXX.dev.
 

Step 8. Ensure the Send user activation email now is checked

Step 9. Save the user information

The new user will receive an email from Okta with instructions to register and set up multi-factor authentication.
 
10. Navigate to Groups under the Directory menu and add the user to the respective group.

Additional Information

  • If a non-federated user already exists in Broadcom’s Okta then your Okta tenant admin cannot add them to the Okta user group to grant them access to your Clarity SaaS environment. Broadcom’s Okta tenant will see the error message referenced in KB: Okta error "An object with this field already exists...". Open a support ticket with Broadcom requesting the existing non-federated user be added to your Okta user group. Refer to the KB for more details.
  • Reference also: Non-Federated user access (Accessing Clarity using the new SSO URL) at: Clarity SaaS Authentication in the Google Cloud Platform
  • After the non-federated user is created in Okta and activated, please use the generic SSO URL here:
    • NA: https://cppmssous02.ondemand.ca.com/ppmsso/csso
    • Europe: https://cppmssoeu02.ondemand.ca.com/ppmsso/csso
    • APJ: https://cppmssoau02.ondemand.ca.com/ppmsso/csso