You are a Rally User or Support Portal user and connecting to SAAS Clarity URL with Auth Hub VIP SSO for the first time. You get an error Permission Denied 

Clarity SAAS with AuthHub VIP

• The user did not login via IDP to get proper group permissions
• This can happen if the user is accessing using Rally first and then tries to login to Clarity
• Since there is existing session in Auth Hub(AH), it will not force user to redirect to IDP that we setup for Clarity for authentication
• Because of this, the SSO event does not happen as the SSO authentication is needed when JIT provision adds user to right group

1. Please logout from SSO, close your browser, then access this URL: 
   https://access.broadcom.com/default/oauth2/v1/logout?client_id=f6663381-8994-4e12-b257-3a1a2531db2f
2. Then connect straight to Clarity URL - do not connect to Rally or Support portal, just directly to Clarity.
3. This is a one time change, and will generate the user group correctly

Note: If you are getting Access Blocked error in your IDP, then follow the steps outlined in User unable to log into Clarity with AuthHub VIP - IDP Access blocked