Add a Non-Federated user in Okta


Article ID: 195652


Updated On:


Clarity PPM SaaS


Non-Federated user creation in Okta. If you require a non-federated user to access your New User Experience SaaS instance then that user needs to be created in Broadcom’s Okta tenant by your Okta tenant admin. This article will provide you with the steps on how to do that. 


Release : 15.8+ using SSO

Component : Clarity SaaS/GCP environments


Step 1: Create the user in Classic Clarity

From Classic Clarity, create the non-federated user via the “Resources” section under Administration.

The username format must be a valid email address.

Step 2: Log in to Broadcom’s Okta administration site (Okta tenant administrator)


The tenant administrator should be the same user identified in “Information needed to enable Federated SSO in Clarity SaaS” and should use the same login credentials established when registering in Okta.

Step 3. Navigate to the Admin link on the top right of the page.


Step 4. Complete the multi-factor authentication

Step 5. Navigate to 'People' under the Directory menu


Step 6. Click on 'Add Person'

Click on Add Person to create the non-federated user.

Step 7. Populate the user information for non-federated users

Some key information you should remember is shared below:
  • Users must have a valid email address and must be the same as the username in Clarity.
  • Ensure the “Send user activation email now” is checked.
  • When adding a user in Okta in Directory --> Groups menu the Admin has to assign to one of the groups Admin has access to. If Admin starts typing “Clarity” in  Groups name, one would see the Okta User Group names like

Step 8. Ensure the Send user activation email now is checked

Step 9. Save the user information

The new user will receive an email from Okta with instructions to register and set up multi-factor authentication.

Step 10. Add the user to the respective group

  1. Navigate to Groups under the Directory menu
  2. Add the user to the respective group

Additional Information

  • If a non-federated user already exists in Broadcom’s Okta then your Okta tenant admin cannot add them to the Okta user group to grant them access to your Clarity SaaS environment. Broadcom’s Okta tenant will see the error message referenced in KB: Okta error "An object with this field already exists...". Open a support ticket with Broadcom requesting the existing non-federated user be added to your Okta user group. Refer to the KB for more details.
  • Reference also: Non-Federated user access (Accessing Clarity using the new SSO URL) at: Clarity SaaS Authentication in the Google Cloud Platform
  • After the non-federated user is created in Okta and activated, please use the generic SSO URL here:
    • NA:
    • Europe:
    • APJ: