Learn how to configure SAML authentication with Azure AD SSO.
Estimated time to complete: 30 minutes
A service account in BambooHR
Note: If you do not have a service account, reach out to your BambooHR admin for provisioning.
Instructions on creating a service account are included in the section How to Set Up the Connector.
Admin access to Clarity Security
Note: If you are a full admin in Clarity Security and get a permission error when trying to add a new application, reach out to firstname.lastname@example.org.
How to Configure SAML
1. Log into Azure: https://portal.azure.com
2. Search for Azure Active Directory > Enter
3. Click Enterprise Applications
4. Click New Application
5. Click Create your own application
6. Configure the application > click Create
What is the name of your app? Clarity Single Sign-on
What are you looking to do with your application? Integrate any other application you don’t find in the gallery (Non-Gallery)
7. Click Set up single sign on
8. Click SAML
9. Navigate to https://YOUR-DOMAIN.claritysecurity.io/saml2/aad/metadata
10. In Azure AD click Edit in the Basic SAML Configuration box.
11. Configure Basic SAML
Identifier Delete http://adapplicationregistry.onmicrosoft.com/customappsso/primary from the Identifier (Entity ID) and enter https://YOUR-DOMAIN.claritysecurity.io/saml2/aad/metadata
11. Configure Basic SAML
Identifier (Entity ID): https://YOUR-DOMAIN.claritysecurity.io/saml2/aad/metadata
Reply URL: https://YOUR-DOMAIN.claritysecurity.io/saml2/aad/acs
Sign on URL: Leave blank
Relay State: Leave blank
Logout URL: https://YOUR-DOMAIN.claritysecurity.io/saml2/aad/sls
In the URLs the phrase YOUR-DOMAIN should be replaced with the domain you navigate to to log in to Clarity.
12. Double-check your entries and Save.
13. Before testing single sign-on. Log in to https://support.claritysecurity.io > Open Support Ticket > Enable SSO
13. From Azure AD, copy the Login URL and Logout URL into the corresponding support form fields.
14. From Azure AD, copy the Azure AD Identifier into the support form field IDP Entity ID.
15. From Azure AD, download the Certificate (Base 64), open it and copy the text into the support form field SSO Certificate.
16. The Clarity Security support team will configure SSO within 24 hours.
17. Once you are notified, open Azure AD > Enterprise Applications > Clarity Single Sign-On > Users and groups
18. Click Add Users/Groups and add relevant groups.
Support Contact Information
Call your customer success team.
Open a ticket here - https://claritysecurityhelp.zendesk.com/hc/en-us/requests/new
Call 979-398-5512 – Monday through Friday – 8:00 AM-6:30 PM CST