Clarizen

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for Clarizen using SAML.

About Clarizen

Clarizen is a Software as a Service (SaaS) solution used for project management. It is typically used by managers to control project tasks, resource allocation, and project finances.

After integrating Clarizen with Oracle Identity Cloud Service:

  • Users can access Clarizen using their Oracle Identity Cloud Service login credentials.
  • Users can start Clarizen using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the Clarizen app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • A Clarizen account with authorization rights to configure federated authentication.
  • Make sure that the email ID of each user in Clarizen matches the primary email ID of the Oracle Identity Cloud Service account.

Configuring the Clarizen App in Oracle Identity Cloud Service

Use this section to register and activate the Clarizen app, and then assign users to the app. You obtain that account ID from Clarizen.

Prerequisite Step

An account type is required before you can register and activate the Clarizen app.

The Clarizen account type appears in the Clarizen home URL: https://<Account_Type>.clarizen.com that you received in an email from Clarizen.

Registering and Activating the Clarizen App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for Clarizen, and then click Add.

  4. In the App Details section, enter your Clarizen Account Type, and then click Next.

    Note: This is the account type value that you obtained while performing the steps in the "Prerequisite Step" section.

  5. Click Download Signing Certificate.

    Tip: Use this file later during Clarizen configuration in the "Configuring SSO for Clarizen" section.

  6. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  7. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the Clarizen App

  1. On the Clarizen app page in Oracle Identity Cloud Service, select Users, and then click Assign. The Assign Users window appears.

  2. Select users that you want to assign to Clarizen, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the Clarizen app is assigned to the users that you selected.

Configuring SSO for Clarizen

  1. Access Clarizen as an administrator using the URL: https://<Account_Type>.clarizen.com. The Clarizen home page appears.

  2. In the upper-right corner, click the user name drop-down list, and then select Settings.

  3. In the Organization Settings section, click edit... next to Federated Authentication. The Federated Authentication window appears.

  4. Click Enable Federated Authentication slider, and then use the table to update the federated authentication attributes.

    This table lists the mandatory federated authentication attributes that you must set to complete the SSO configuration.
    Attribute Value
    Certificate Click Upload certificate... and then upload the certificate that you downloaded earlier while registering Clarizen in Oracle Identity Cloud Service. See the "Registering and Activating the Clarizen App" section.
    Sign-in URL Enter the Sign-in URL/SSO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso.
    Enable Password authentication Select No One from the drop-down list.

  5. Expand Show Advanced Options, and then use the table to update the federated authentication attributes.

    Attribute Value
    Authentication Context Select the Disable Authentication Context Enforcement check box.
    Name ID Format Select Email from the drop-down list.
    Use POST Select the Use HTTP POST Binding check box.
    Advanced verification Select the Additional SAML 2.0 attributes will be checked check box.
    Advanced request Select the Enable additional request features check box.

  6. Click Save.

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP initiated SSO) and Clarizen (SP initiated SSO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the Clarizen app. Oracle Identity Cloud Service displays a shortcut to Clarizen under My Apps.

  3. Click Clarizen. The Clarizen home page appears.

  4. In the upper-right corner of the page, confirm that the user that is logged in is the same for both Clarizen and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from Clarizen

  1. Access the Clarizen using the URL: https://<Account_Type>.clarizen.com, and then click Connect via Federated Authentication. You are redirected to the Oracle Identity Cloud Service login page.

  2. Log in using credentials for a user that is assigned to the Clarizen app. The Clarizen home page appears.

  3. In the upper-right corner of the page, confirm that the user that is logged in is the same for both Clarizen and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Clarizen works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Clarizen displays the message, "User <User_Name> is not found"

Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in Clarizen.

Solution: Ensure that the user that you assign to the Clarizen app has an account in both Oracle Identity Cloud Service and Clarizen with the same email address.

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service Clarizen app and Clarizen is deactivated.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select Clarizen.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the Clarizen app using Oracle Identity Cloud Service.

Solution 2:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select Clarizen.
  • In the App Details section, select Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.