This site requires JavaScript to be enabled
External Customer KB > General > Configuring SAML for Clarizen
Configuring SAML for Clarizen
Article: KB0010295 Published: 02/20/2019 Last modified: 02/18/2020

These steps will guide you through setting up the Single Sign-On functionality between OneLogin and Clarizen.

Setting Up OneLogin

Starting in the OneLogin admin dashboard portal, do the following:

  1. Go to to Apps > Add Apps.
  2. Search for Clarizen that is a SAML 2.0 connector and select it.

    You may edit the Display Name if desired.
  3. Ensure that SAML2.0 - user provisioning is selected under Connectors.
  4. Click Save.
  5. Select the Parameters tab.
  6. Ensure that Credentials are Configured by admin and that the mappings are as follows:
    SAML ID -> Username
    Username -> Email
  7. Click Save.
  8. Select the SSO tab.
  9. Copy down the SAML2.0 Endpoint (HTTP) URL.
  10. Click View Details.
  11. Select X.509 as the certificate type.
  12. Click Download to acquire the X.509 .pem certificate.

The Endpoint URL and Certificate will be put into Clarizen to confirm the SAML SSO connection. 

Now go into your organizations Clarizen admin account.

Setting Up Clarizen

In the Clarizen admin dashboard, do the following:

  1. Select the Dashboard navigation menu and click Settings.
  2. Go to Organization Settings > Federated Authentication > Edit.
  3. Toggle on Enable Federated Authentication.
  4. Select Upload and then select your saved .pem X.509 certificate file.
  5. Under Sign-in URL, put your OneLogin SAML HTTP Endpoint URL.
  6. Under Sign-out URL, we recommend you place as the standard logout address.
  7. For Enable Password Authentication, select Everyone (internal and external).
  8. Copy down the To login via SSO value, up until the ?EntityId= string.
  9. Click Update.

Now go back into OneLogin and in the admin dashboard, do the following:

  1. Go to Apps > Company Apps > Clarizen.
  2. Select the Configuration tab.
  3. Under Domain, put https://{subdomain}, where {subdomain} is your organization's custom subdomain.
  4. Under Consumer URL, put the To login via SSO string copied from Clarizen.
  5. Click Save.

If you select Send Invitation Mail, users who are being provisioned with a Clarizen account will get an email inviting them to log into their account. 

With the configuration complete, OneLogin and Clarizen should be connected through SAML!

Troubleshooting Email Mismatch

In some cases, the Clarizen account admin email may not match the OneLogin admin email. This can be remedied by doing the following:

  1. Go to Users > Account_Owner.
  2. Select the Applications tab.
  3. Select Clarizen to open the Edit Login pane.

Here you may overwrite the default fields for your Clarizen login and insert the correct information to match your OneLogin credentials with your Clarizen credentials.


Expand/Collapse Comments
Was this helpful?