Configure SSO in the IRIS Dashboard
Head to the IRIS Clarity dashboard in a new tab and navigate to the SSO settings page Team > Manage team
Enter a domain name. This must be unique to you (we will verify that it is available)Alphanumeric (numbers and/or letters)Lower caseNo special characters (!@£$%^&*()_-+=)No spaces3-30 characters in length
Add IRIS Clarity app to Azure
- To add IRIS Clarity as an application open the Enterprise Applications page the Azure portal
- Click + New application
- Click + Create your own application
- Give it a name e.g. IRIS Clarity
- Ensure the following checkbox is ticked Integrate any other application you don't find in the gallery (Non-gallery)
- Click Create
Configure Single sign-on in Azure
Select Single sign-on in the left side panel
Select SAML from the options
Under Basic SAML Configuration, click Edit to make changes
Under Identifier (Entity ID), click Add identifier and paste the Identifier (Entity ID) link that was generated in the IRIS Clarity dashboard.
Under Reply URL (Assertion Consumer Service URL), click Add reply URL and paste the Reply URL (Assertion Consumer Service URL) link that was generated in the IRIS Clarity dashboard.
Click Save at the top of the screen. Ensure all details are correct. You will be unable to edit this after you hit save.
In the SAML Certificates section of Azure ID, copy the App Federation Metadata Url
In the IRIS Clarity Dashboard, paste this URL in the App Federation Metadata Url section
No further configuration is needed in the IRIS Clarity dashboard.
You can return to the SSO configuration section in the Azure AD tab later to test the SSO flow.
Grant permissions to the IRIS Clarity application
Go to App Registrations (or search for App Registrations in the main search bar)
Select All applications and click the IRIS Clarity application you have just created
In the left side panel select API Permissions > Add a permission > Microsoft Graph > Delegated Permissions > Search for and check the following permissions,
Click Add permissions
Single Sign On configuration between Azure AD and IRIS Clarity is now complete.
Test SSO and initial login
Add users to the enterprise application
Add users / groups to the new IRIS Clarity application to be able to log in to the app via SSO or set assignment required to be no.
You can now test the SSO flow in the Single sign-on section of the Clarity app
After you have completed the SAML setup, an admin in your tenant will need to log in first. That user will need to accept on behalf of your Azure AD tenant. Once this is done, no-one else will see this screen.
IRIS Clarity dashboard assignment
You will need to ensure that all users who have been added to the Azure AD SSO application are added to the team in the IRIS account dashboard.
If you see the following error this means you have not added users to your new IRIS Clarity enterprise application.
IRIS Clarity Multi-tenant
Sorry, but we're having trouble with signing you in.
AADSTS50105: Your administrator has configured the application Name of enterprise application (xxxxx) to block users unless they are specifically granted ('assigned') access to the application. The signed in user 'firstname.lastname@example.org' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator.
Please contact your administrator to assign access to this application.