Adding an existing OKTA user to your tenant in GCP and using the SaaS Sync Users job
Article ID: 211693
Updated On:
Products
Clarity PPM SaaS
Issue/Introduction
You need to add an existing OKTA user (a 3rd party partner) to your tenant in OKTA. Since this user already exists in OKTA, you cannot add the user to your OKTA tenant.
The documentation mentions the SaaS Sync Users Job. However, it is not enabled for you. How can you get this job enabled?
Environment
All
Resolution
Please open a case with Broadcom support providing the below information:
- Environment URL(s) access is requested for
- PSC Approval
- Email address for the account that should be added
Additional Information
See: Clarity SaaS Authentication in the Google Cloud Platform
Non-Federated User Creation in Okta
The SaaS User Sync job enables Clarity SaaS customers to synchronize Clarity users with Broadcom Okta and assign them to the appropriate Okta groups. Administrators should manually schedule this job to run regularly. In Clarity 15.9.1 and future releases, customers do not need to log in to Okta as tenant admin to add users. The SaaS User Sync job reads all users from Clarity that have not been synced previously and then performs the following actions:
Check if the Clarity user exists in Okta.
Non-Federated User Creation in Okta
The SaaS User Sync job enables Clarity SaaS customers to synchronize Clarity users with Broadcom Okta and assign them to the appropriate Okta groups. Administrators should manually schedule this job to run regularly. In Clarity 15.9.1 and future releases, customers do not need to log in to Okta as tenant admin to add users. The SaaS User Sync job reads all users from Clarity that have not been synced previously and then performs the following actions:
Check if the Clarity user exists in Okta.
- If the username is not in the form of an email address, the user is skipped.
- If the user exists and is in the appropriate Okta group, then the job will not make any changes.
- If the user exists but is not in the appropriate Okta user group, the job will add the user to the appropriate Okta user group.
- If the user does not exist in Okta, the job will create the user and add them to the appropriate Okta user group.
- If user status in Clarity is "inactive", then the job removes the user from the Okta user group, thus revoking their access to the Clarity PPM instance. The user will be marked as not having been synced in case they are reactivated at a future date.
To learn more about the SaaS User sync job, see Clarity Jobs Reference. If you are using older releases of Clarity, or want to create users manually as an Okta tenant admin, follow the steps given below. To learn more about creating an Okta tenant admin, see Creating an OKTA Tenant Admin.
From Clarity, create the non-federated user via the “Resources” section under Administration
From Clarity, create the non-federated user via the “Resources” section under Administration
Feedback
Yes
No
Powered by
