Enabling SSO in Google Cloud Platform for Clarity


Article ID: 192888


Updated On:


Clarity PPM SaaS


This document describes the steps that need to be done in order to implement / enable SSO for Clarity PPM SaaS customers in Google Cloud Platform (GCP). 


This is an informational document


Clarity SaaS Google Cloud Platform 


Step 1 - Customer opens a Broadcom Support Case requesting SSO implementations for GCP

Step 2 - We request customers to work with their security team and fill the SSO Authentication Questionnaire and review the Clarity SaaS Federated SSO document

Step 2a - List Of Requirements and action items from customer

  • Completed Questionnaire 
  • Customer will create new IDP artifacts (Ex: Enterprise Application in Azure or new SAML Application in OKTA 
  • Existing Portal IDP setup will not be reused
  • Create IDPs for Production and Non Production Environments
    • 1 IDP for Production and 1 for all Non Production environments

Note: In Customer IDP set up we need to ensure customer share these three attributes: 

        • firstName
        • lastName
        • email 

Step 3 – Broadcom team will generate the metadata and SP initiated information PDF and will share with the customer 

Step 4 – Customer configuration of IDPs with service provider data 

 Step 4a Next Step for Customer

  • Customer configures the IDP artifacts with the Broadcom provided Service Provider Data for all environments (SP Meta data file and environment details is already be provided by Broadcom in Step 3)
  • Make sure Relaystate information is added to IDP configuration. Relaystate is needed as there is no default route with Broadcom SSO to route the user to Clarity PPM

Step 4b Validation of SSO connectivity 

  • Customer validates SSO connection with Broadcom SSO environment

  • Successful test case is when a user logs in via SSO, user should see a PPM Login Prompt

    Note: Clarity PPM is not switched to Broadcom OKTA SSO Service at this point

  • If the validation fails, Customer will work with Broadcom Team to resolve SSO related issues


  • The validation will not impact login to clarity, the existing login method for clarity should work
  • In Production Test  with a new user that was not tested during Dev SSO validation

Step 5 – Once the testing is completed Broadcom Team will schedule to put the Clarity System behind the SSO 


Additional Information

Note: In order to enable SSO we need to have the username in clarity needs to be in email format which is also nameID attribute come from customer IDP


1591979244963__SSO Authentication Questionnaire.xlsx get_app