XOG and Schedule Connect (used for both Microsoft Project (MSP) and Open Workbench (OWB) integrations) were not originally designed to work with SSO-enabled Clarity applications. Special considerations must be taken for these applications to successfully interact with Clarity when Single Sign-on is enabled in Clarity.
In Clarity the separate non-SSO instance are not required, but the Scheduler Entry URL in the NSA must be set so that the schedulers bypass the SSO web agent when they make requests. XOG and ScheduleConnect will not present the SSO token with their requests, so all attempts for XOG/ScheduleConnect to interact with Clarity through the SSO-enabled web server will fail. All XOG activity should use the Scheduler Entry URL so that the XOG authentication succeeds.
The correct configuration is to set the Scheduler Entry URL to the direct port that the application server instance is running on so that the request from XOG/ScheduleConnect is not intercepted by the SSO web agent. In a clustered environment, the Scheduler Entry URL can be set to a load balancer pool that contains the direct application server instance ports so that the requests bypass the SSO web agent.
Interesting fact: Prior to Clarity 8.1.2, a separate non-SSO enabled application instance was required to be set up in order for XOG and the schedulers to work with Clarity. Now this is no longer the case.