Clarity

We are on version 13.3 and On Demand as well as SSO.

Leadership would like us to implement the Clarity Mobile Timesheet App.  I have looked in the community and saw one other person has asked this previously last year. Documentation provided as a response stated there was an issue fixed (CLRT-72388 - Cannot log into timesheet mobile application if the server is using SSO).

Can anyone confirm if we can use this or not?  We've asked support and don't really get a straight answer.  We need to respond to our leadership. . . .

Thank you!

The particular defect you listed has had a fix made available for it since 13.2.0.3 and higher (including higher versions not just patches, so 13.3 and 14.2 are also included).

Are you using the OnDemand Portal or are you using your own SSO solution (i.e. a federated SSO configuration)?

If the former, then provided you are not on a lower version than I mentioned above, then you should try logging in using the following values in the app, provided you have also granted the appropriate permissions in Clarity for using the app:

  URL: OD Portal URL

  User Name: OD Portal User Name

  Password: OD Portal Password

To be clear, the Clarity Mobile Timesheet App is itself not an SSO enabled application - you have to provide credentials to it and login - but it can work on SSO enabled environments if those details are given, as Clarity would then take those credentials and authenticate the user against the same LDAP (directory server of users) that the OnDemand Portal also uses to authenticate.

However if you are using a federated SSO configuration, i.e. you have your own branded SSO login page for Clarity as well as your other apps, it is not as straightforward (maybe not even possible), as your own authentication credentials would not be matched to the LDAP server that Clarity is connected to.

I work with Ruthann and can try to answer.  Our users login through SSO configured by CA OD.  They currently can login through the OD portal, but we will be disabling this so that the only way to login via SSO.  If I understand what you are saying, I have a username and password that I can use to log in to the OD portal.  Nick, you are saying that the same username and password can be used to log into the Application from your mobile phone.  We can try this and see what happens, but the next question would be, what if we have disabled users to login from the portal?

I think in that case (using federated SSO services - i.e. your own company's SSO solution/provider will negotiate with OnDemand to allow your authenticated users to connect) the following Ideas are relevant, both in terms of what is possible and also what is desired:

To allow MTM Authentication with SSO

CA PPM MTM: Build-in additional SDKs to enable application-wrapping

In the first Idea it is suggested that you could use Clarity's username/password for logging into the application.  Currently, with the OnDemand Portal provided your logins (and it uses SSO technology itself), your users in Clarity will be set to 'External authentication', meaning you don't set/control the passwords in Clarity.  That would need to be turned off in order to do what the first Idea is suggesting is possible today - but I'm not sure that can be recommended when going to federated SSO because in approx. 3 months or less those account passwords in Clarity are going to expire and need resetting - and there'll be no place to do that.

I'm not sure if our Services or partners have come up with a strategy for dealing with this or not, but until the Ideas can be implemented I believe you would need something to help manage this.