How to Set Up SSO
Setting up SSO involves a few straightforward steps, ensuring a smooth and secure connection between your identity provider and Clayton.
Initiate Setup & Verify Your Email Domain
Before SSO can be enabled, you'll need to verify your domain to confirm ownership. This is a crucial security step and with out you will not be able to enable SSO.
To verify your domain:
Click your workspace icon in Clayton.
Go to General > Domain.
Select New Domain.
Enter the domain you wish to verify.
You will now be provided a verification code
Navigate to the DNS record section of your domain host.
Create a TXT record using the verification code provided by Clayton as the value.
Once the TXT record is created, return to Clayton and click Verify.
β
Please note: DNS record updates can take up to 48 hours to propagate. You can check if your DNS record is publicly accessible using a tool like dnschecker.org.
Configure Your Identity Provider & Share Parameters
Once your DNS record has successfully updated, contact the Clayton team via the in-app chat (bottom right of your screen).
We will then create and provide you with the Service Provider (SP) parameters you'll need to configure within your chosen Identity Provider (Okta, Azure AD, OneLogin):
Parameter | Value |
Relying Party (or ServiceProvider) Single Sign-On URL | (Provided by Clayton) |
Relying Party (or ServiceProvider) Single Log-Out URL | (Provided by Clayton) |
Relying Party (or ServiceProvider) Metadata URL | (Provided by Clayton) |
Once you've configured these settings in your Identity Provider, please gather the following information from it and share it with the Clayton team:
Parameter | Value |
Asserting Party (or IdentityProvider) Issuer | (From your Identity Provider) |
Asserting Party (or IdentityProvider) Single Sign-On URL | (From your Identity Provider) |
Asserting Party (or IdentityProvider) Metadata URL | (From your Identity Provider) |
[Optional] After LogOut Redirect URL | (From your Identity Provider) |
Activation
After you have provided this information to the Clayton team, we complete some final check and then activate your SSO integration. We'll then notify you once it's live and ready for your team to use!
Updating your Certificate
When you update your certificate in your Identity Provider In most cases you do not need todo anything as the location of the certificate should not change.
If you have any issues with your SSO after changing your certificate then you should check the below parameters.
If any have changed Reach out via the in-app chat and provide us with the updated details, once we put them into our system this should resolve the issue.
Parameter | Value |
Asserting Party (or IdentityProvider) Issuer | (From your Identity Provider) |
Asserting Party (or IdentityProvider) Single Sign-On URL | (From your Identity Provider) |
Asserting Party (or IdentityProvider) Metadata URL | (From your Identity Provider) |
[Optional] After LogOut Redirect URL | (From your Identity Provider) |