Just-In-Time (JIT) User Creation In Clarity


Article ID: 435336


Products

Clarity PPM SaaS

Issue/Introduction

The Just-in-Time (JIT) feature in Clarity allows for the automated creation and dynamic updating of user accounts during the SAML authentication process. By leveraging attributes passed in a SAML assertion, Clarity can create a new user "on the fly" with required details such as name and email, or synchronize an existing user's security permissions and profile attributes every time they log in. This ensures that user data in Clarity remains consistent with the organization’s central identity directory without requiring manual administrative overhead for every personnel change.
 
To facilitate this exchange, Identity Providers (IdPs) use an Application Profile (often referred to as a Service Provider (SP) Configuration). The Application Profile is a dedicated "Clarity-specific" space within the IdP. While the IdP maintains a single central record for a user, the Application Profile specifies exactly which data points—known as Custom Claims or SAML Attributes—should be packaged and sent to Clarity. The Mandatory Attributes to Create a User and the Optional Attributes to Update User Records tables on this page include mappings between SAML attributes and Clarity attributes that IdP administrators can use when sending SAML requests to Clarity.

Environment

Clarity 16.4.2 

Resolution

Customers should follow the steps below to enable Just-In-Time (JIT) User Creation in Clarity for Broadcom SaaS:

  • Create a Support Case
  • Fill out the attached JIT On-Boarding questionnaire
    • Requirements: SSO-enabled system
  • Process to Enable Clarity JIT
    • Set up Federation with extended attributes
    • Validate that all the attributes are received by Broadcom SSO when a user authenticates via SSO
    • At this point, the Clarity System Option that enables JIT is not yet turned on
    • Users will be provisioned to SSO at Broadcom but not to Clarity
    • Once Broadcom validates that the attributes are properly received, the JIT System Option is enabled in Clarity
    • All subsequent SSO logins will trigger Clarity User Provisioning or User Updates
    • The configuration should first be validated properly in the Test Environment before implementing it in Production
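
The attribute validation step above can be rehearsed on the IdP side against an assertion captured in the Test Environment. The following is an added example, not Broadcom's or Clarity's code: it parses a constructed SAML 2.0 assertion and reports mandatory attributes that are absent or sent empty. The attribute names (`firstName`, `lastName`, `email`) and the function names are hypothetical stand-ins for the names in the Mandatory Attributes table.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical names; take the real ones from the Mandatory Attributes table.
REQUIRED = ("firstName", "lastName", "email")

# Constructed sample assertion (unsigned, trimmed to the parts this check reads).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>  </saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>PMO</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Return {attribute name: [non-empty values]} from every AttributeStatement."""
    # Presence check only: the signature is not verified, so use this on
    # assertions captured from your own test logins, not as an auth path.
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return found


def check_jit_readiness(assertion_xml, required=REQUIRED):
    """Split required attributes into missing (absent) and empty (no usable value)."""
    found = read_attributes(assertion_xml)
    missing = [n for n in required if n not in found]
    empty = [n for n in required if n in found and not found[n]]
    return {
        "ok": not missing and not empty,
        "missing": missing,
        "empty": empty,
        # Attributes released beyond the required set, listed for review.
        "extra": sorted(set(found) - set(required)),
    }


if __name__ == "__main__":
    print(check_jit_readiness(SAMPLE))
```

The `extra` list is useful when reviewing the Application Profile, since it shows which claims the IdP releases beyond the mandatory set.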

 

Additional Information

Attachments

JIT Onboarding Questionnaire for Broadcom VIP Authentication Hub.docx