Add a Non-Federated user in Okta
search cancel

Add a Non-Federated user in Okta

book

Article ID: 195652

calendar_today

Updated On:

Products

Clarity PPM SaaS

Issue/Introduction

Non-Federated user creation in Okta. If you require a non-federated user to access your New User Experience SaaS instance then that user needs to be created in Broadcom’s Okta tenant by your Okta tenant admin. This article will provide you with the steps on how to do that. 

Environment

Release : 15.8+ using SSO

Component : Clarity SaaS/GCP environments

Resolution

Step

Action
1

Create the user in Classic Clarity

  • From Classic Clarity, create the non-federated user via the “Resources” section under Administration.
  • The username format must be a valid email address.
2

Log in to Broadcom’s Okta administration site (Okta tenant administrator)
3

Navigate to the Admin link on the top right of the page.
4

Complete the multi-factor authentication
5

Navigate to 'People' under the Directory menu
6

Click on 'Add Person'
7

Populate the user information for non-federated users

Some key information you should remember is shared below:
  • Users must have a valid email address and must be the same as the username in Clarity.
  • Ensure the “Send user activation email now” is checked.
  • When adding a user in Okta in Directory --> Groups menu the Admin has to assign to one of the groups Admin has access to. If Admin starts typing “Clarity” in  Groups name, one would see the Okta User Group names like ClarityPPM.myorg.cppmXXXX.dev.
8

Ensure the Send user activation email now is checked
9

Save the user information

The new user will receive an email from Okta with instructions to register and set up multi-factor authentication.
10

Add the user to the respective group

  1. Navigate to Groups under the Directory menu
  2. Add the user to the respective group

Additional Information

  • If a non-federated user already exists in Broadcom’s Okta then your Okta tenant admin cannot add them to the Okta user group to grant them access to your Clarity SaaS environment. Broadcom’s Okta tenant will see the error message referenced in KB: Okta error "An object with this field already exists...". Open a support ticket with Broadcom requesting the existing non-federated user be added to your Okta user group. Refer to the KB for more details.
  • Reference also: Non-Federated user access (Accessing Clarity using the new SSO URL) at: Clarity SaaS Authentication in the Google Cloud Platform
  • After the non-federated user is created in Okta and activated, please use the generic SSO URL here:
    • NA: https://cppmssous02.ondemand.ca.com/ppmsso/csso
    • Europe: https://cppmssoeu02.ondemand.ca.com/ppmsso/csso
    • APJ: https://cppmssoau02.ondemand.ca.com/ppmsso/csso
Powered by Wolken Software