Clarizen

Configure the Clarizen Web-SAML application profile in the Identity Administration portal to set up single sign-on via SAML with Clarizen. Configuration also specifies how the application appears in the user portal, which users may access the application, if the application requires additional authorization, and how your internal user accounts are mapped to Clarizen accounts. Other application profile controls record and report changes to settings. For general information about single sign-on (SSO) configuration, see Introduction to application management. Before starting configuration, it helps to understand the basic steps of configuration, to know Clarizen’s single sign-on (SSO) characteristics, and to have everything you need for configuration in place. SAML single sign-on configuration overview Clarizen offers both IdP-initiated SAML SSO (for SSO access through the user portal or CyberArk mobile apps) and SP-initiated SAML SSO (for SSO access directly through Clarizen). You can configure Clarizen for either or both types of SSO. To configure Clarizen for single sign-on: Ensure that your Clarizen account is ready for single sign-on: Have a Clarizen administrator account to provide the rights to set up SSO. In the Identity Administration portal, add the Clarizen application profile if it’s not already added and set the security certificate. You’ll need information in the application profile to set up SSO. For detailed information, see Add Clarizen and setting a security certificate. For detailed information, see Configure Clarizen in the Identity Administration portal. On the Clarizen web site, configure your organization’s Clarizen account for SSO via SAML. For detailed information, see Configure Clarizen for SSO. In the Identity Administration portal, configure the Clarizen application profile to control how Clarizen access works through the user portal or CyberArk mobile apps. Before you can configure Clarizen for SSO, you need the following: An active Clarizen account with administrator rights for your organization. A signed

Site with user name/password instead of SSO. Everyone (internal and external) allows all your users to sign in through the Clarizen web site with user name/password instead of SSO. Enable API access If checked, allows applications that connect to Clarizen via the Clarizen API to authenticate for your users. When unchecked, these applications may not connect to Clarizen for your users. Advanced verification Leave this option unchecked. Advanced request Leave this option unchecked. To login via SSO Clarizen generates this URL as an SSO sign-in page for SP-initiated SAML for your users. You can provide it to users if they want to use SSO but don’t access Clarizen through the user portal or the CyberArk mobile apps. Click Save into save the SAML settings and turn on SSO for your organization’s Clarizen account. Sign out of your Clarizen account. SP-Initiated SSO When you set up SSO on Clarizen, SP-initiated SSO is automatically enabled. The way it works depends on how you set password authentication and on the URL used to access Clarizen. You can supply your users the custom Clarizen URL provided by the To login via SSO field in the Federated Authentication dialog box (as described previously). When users access the URL, Clarizen redirects them to CyberArk Identity for SSO authentication. CyberArk Identity then returns the user to his or her account at Clarizen if authentication is successful. If the user goes to the standard Clarizen sign-in page and tries to sign in when Enable Password authentication is disabled, the page tells the user to use Federated Authentication to connect, which requires them to use the custom Clarizen SSO URL. If Enable Password authentication is not disabled for the user, they can sign in via user-password and bypass SSO. Once they’ve successfully signed in, a Clarizen cookie on their

Define whether to create, synchronize, or create & sync the data in the direction defined in step 3.Note: Create is normally used only for the initial process where you want to ensure that all fields are available in both systems.Click Add to define additional fields.Repeat steps 3-7 for all of the relevant fields associated with the defined object. Defining Links and RelationsClarizen allows you to link and associate related objects as part of the process. In addition you can populate fields both in Clarizen and the integrated system with the synchronization status and date for easy monitoring of the sync process. Clarizen LinksYou can link the mapped Clarizen object to additional objects in Clarizen when a new object is created. For example, link a newly created project to the relevant customer.To create Clarizen links:Select the Object entity in Clarizen as explained aboveClick + to open the Create Clarizen Links section. Click Add. Link the defined object to an object from the Link to list.Some objects may require a linking method. Select the linking method from the using list.Define whether to use a Source Object Field from the available list or an evaluation criteria identifier.Use source object field - Select a field from the relevant object in Clarizen. This option requires a mapping between the two item types and will utilize the Object Mapping definition (above) to locate the object in Clarizen. The link will be created for the object within Clarizen and synced to the object referenced by that field. If the selected object is not synced to Clarizen, it may be created if the Clarizen Create Policy is Create in the relevant object mapping.Identified by - ​Allows you to add evaluation criteria which will determine what object in Clarizen to link to.Click Add to define additional links.Repeat steps 4-6 for all required links. Clarizen RelationsClarizen relations allows you to map multiple relations to an object in the integrated system.To define relations:Select the Object entity in Clarizen as explained aboveClick + to open the Map Related Clarizen Objects section.Click Add Related Object.Define the Related object.Define the Relationship type.To use conditions:Click Add. Define the desired conditions.When using multiple conditions, you can define the logical expression as either AND (default), or OR. Select an object in the integrated system to map. A link will appear to either view the object mapping if mapping was already defined or to create a new object mapping. In both cases the mapping editor is opened where you can view the mapping settings or complete the same process for the rest of the mapping options for a new mapping.Click Add Related Object to create an additional relation mapping.Repeat steps 4-7 for each of the relations.Synchronization Fields MappingYou