How to add a Non-Federated user in Okta


Article ID: 195652


Updated On:


Clarity PPM SaaS


Non-Federated user creation in Okta 

If you require a non-federated user to access your New User Experience SaaS instance then that user needs to be created in Broadcom’s Okta tenant by your Okta tenant admin.



Release : 15.8+ using SSO



1. From New User Experience, create the non-federated user via the “Resources” section under Administration.
The username format must be a valid email address.
2. Your Okta tenant administrator will log into Broadcom’s Okta administration site (
The tenant administrator should be the same user identified in “Information needed to enable Federated SSO in Clarity SaaS” and should use the same login credentials established when registering in Okta.
3. Navigate to the Admin link on the top right of the page.
4. Complete the multi-factor authentication.
5. Navigate to People under the Directory menu.
6. Click on Add Person, to create the non-federated user.
7. Populate the user information for non-federated users. Some key information you should remember is shared below:
Users must have a valid email address and must be the same as the username in 
New User Experience.
8. Ensure the Send user activation email now is checked.
9. Save the user information. The new user will receive an email from Okta with instructions to register and set up multi-factor authentication.
10. Navigate to Groups under the Directory menu and add the user to the respective group.
If a non-federated user already exists in Broadcom’s Okta then your Okta tenant admin cannot add them to the Okta user group to grant them access to your Clarity SaaS environment. Broadcom’s Okta tenant will see the error message below. In such a situation, you need to open a support ticket with Broadcom requesting the existing non-federated user be added to your Okta user group.

Additional Information

Non-Federated user access (Accessing Clarity using the new SSO URL)

Note: After the non-federated user is created in Okta and activated, please use the generic SSO URL here: