{"id":11098,"date":"2022-11-03T12:20:12","date_gmt":"2022-11-03T12:20:12","guid":{"rendered":"https:\/\/clockify.me\/help\/?p=11098"},"modified":"2026-03-20T12:59:26","modified_gmt":"2026-03-20T12:59:26","slug":"single-sign-on-sso","status":"publish","type":"post","link":"https:\/\/clockify.me\/help\/fr\/getting-started\/single-sign-on-sso","title":{"rendered":"Authentification unique (SSO)"},"content":{"rendered":"\n<div class=\"wp-block-custom-audience-tag audience-tag-box\"><span class=\"tag-title\">Who can use this feature?<\/span><div class=\"tag-rows\"><div class=\"tag-row\"><svg width=\"18\" height=\"18\" viewBox=\"0 0 24 24\" fill=\"none\"><mask id=\"mask-aud-final\" style=\"mask-type:alpha\" maskUnits=\"userSpaceOnUse\" x=\"0\" y=\"0\" width=\"24\" height=\"24\"><rect width=\"24\" height=\"24\" fill=\"#D9D9D9\"><\/rect><\/mask><g mask=\"url(#mask-aud-final)\"><path d=\"M12 12C10.9 12 9.95833 11.6083 9.175 10.825C8.39167 10.0417 8 9.1 8 8C8 6.9 8.39167 5.95833 9.175 5.175C9.95833 4.39167 10.9 4 12 4C13.1 4 14.0417 4.39167 14.825 5.175C15.6083 5.95833 16 6.9 16 8C16 9.1 15.6083 10.0417 14.825 10.825C14.0417 11.6083 13.1 12 12 12ZM4 20V17.2C4 16.6333 4.14583 16.1125 4.4375 15.6375C4.72917 15.1625 5.11667 14.8 5.6 14.55C6.63333 14.0333 7.68333 13.6458 8.75 13.3875C9.81667 13.1292 10.9 13 12 13C13.1 13 14.1833 13.1292 15.25 13.3875C16.3167 13.6458 17.3667 14.0333 18.4 14.55C18.8833 14.8 19.2708 15.1625 19.5625 15.6375C19.8542 16.1125 20 16.6333 20 17.2V20H4ZM6 18H18V17.2C18 17.0167 17.9542 16.85 17.8625 16.7C17.7708 16.55 17.65 16.4333 17.5 16.35C16.6 15.9 15.6917 15.5625 14.775 15.3375C13.8583 15.1125 12.9333 15 12 15C11.0667 15 10.1417 15.1125 9.225 15.3375C8.30833 15.5625 7.4 15.9 6.5 16.35C6.35 16.4333 6.22917 16.55 6.1375 16.7C6.04583 16.85 6 17.0167 6 17.2V18ZM12 10C12.55 10 13.0208 9.80417 13.4125 9.4125C13.8042 9.02083 14 8.55 14 8C14 7.45 13.8042 6.97917 13.4125 6.5875C13.0208 6.19583 12.55 6 12 6C11.45 6 10.9792 6.19583 10.5875 6.5875C10.1958 6.97917 10 7.45 10 8C10 8.55 10.1958 9.02083 10.5875 9.4125C10.9792 9.80417 11.45 10 12 10Z\" fill=\"black\" fill-opacity=\"0.87\"><\/path><\/g><\/svg><span>Workspace owner<\/span><\/div><div class=\"tag-row\"><svg width=\"18\" height=\"18\" viewBox=\"0 0 24 24\" fill=\"none\"><mask id=\"mask-flg-final\" style=\"mask-type:alpha\" maskUnits=\"userSpaceOnUse\" x=\"0\" y=\"0\" width=\"24\" height=\"24\"><rect width=\"24\" height=\"24\" fill=\"#D9D9D9\"><\/rect><\/mask><g mask=\"url(#mask-flg-final)\"><path d=\"M5 21V4H14L14.4 6H20V16H13L12.6 14H7V21H5ZM14.65 14H18V8H12.75L12.35 6H7V12H14.25L14.65 14Z\" fill=\"black\" fill-opacity=\"0.87\"><\/path><\/g><\/svg><span>Enterprise plan<\/span><\/div><\/div><\/div>\n\n\n\n<p>Single Sign-On (SSO) is an authentication method that lets your team log in to Clockify using existing company credentials (e.g., Okta, Azure, Google). This eliminates the need for separate passwords and centralizes access control.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"495\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/12-1024x495.png\" alt=\"\" class=\"wp-image-30166\" style=\"aspect-ratio:2.0687266710278216;width:710px;height:auto\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/12-1024x495.png 1024w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/12-300x145.png 300w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/12-768x371.png 768w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/12-1536x743.png 1536w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/12-18x9.png 18w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/12.png 1725w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div class=\"wp-block-custom-highlight-box custom-box color-green\"><div class=\"box-header\"><svg width=\"20\" height=\"20\" viewBox=\"0 0 24 24\" fill=\"none\"><mask id=\"mask-green\" style=\"mask-type:alpha\" maskUnits=\"userSpaceOnUse\" x=\"0\" y=\"0\" width=\"24\" height=\"24\"><rect width=\"24\" height=\"24\" fill=\"#D9D9D9\"><\/rect><\/mask><g mask=\"url(#mask-green)\"><path d=\"M5 21.0001C4.45 21.0001 3.97917 20.8043 3.5875 20.4126C3.19583 20.0209 3 19.5501 3 19.0001V5.0001C3 4.4501 3.19583 3.97926 3.5875 3.5876C3.97917 3.19593 4.45 3.0001 5 3.0001H13.925L11.925 5.0001H5V19.0001H19V12.0501L21 10.0501V19.0001C21 19.5501 20.8042 20.0209 20.4125 20.4126C20.0208 20.8043 19.55 21.0001 19 21.0001H5ZM9 15.0001V10.7501L18.175 1.5751C18.375 1.3751 18.6 1.2251 18.85 1.1251C19.1 1.0251 19.35 0.975098 19.6 0.975098C19.8667 0.975098 20.1208 1.0251 20.3625 1.1251C20.6042 1.2251 20.825 1.3751 21.025 1.5751L22.425 3.0001C22.6083 3.2001 22.75 3.42093 22.85 3.6626C22.95 3.90426 23 4.1501 23 4.4001C23 4.6501 22.9542 4.89593 22.8625 5.1376C22.7708 5.37926 22.625 5.6001 22.425 5.8001L13.25 15.0001H9ZM11 13.0001H12.4L18.2 7.2001L17.5 6.5001L16.775 5.8001L11 11.5751V13.0001Z\" fill=\"#4CAF50\"><\/path><\/g><\/svg><span class=\"box-label\">Note<\/span><\/div><div class=\"box-content\">\n<p class=\"translation-block\">This is a paid feature, which you can enable by <a aria-label=\" (opens in a new tab)\" href=\"https:\/\/clockify.me\/pricing\" target=\"_blank\" rel=\"noreferrer noopener\">upgrading<\/a> your workspace to <strong>Enterprise plan<\/strong>.<\/p>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"0-what-happens-when-sso-is-activated\">What happens when SSO is activated?<\/h3>\n\n\n\n<p>Once SSO is enabled and configured for your workspace:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Users will no longer use a Clockify-specific password. Instead, they will be authenticated through your organization&#8217;s Identity Provider (IdP).<\/li>\n\n\n\n<li>If enabled, new users who log in via SSO for the first time will have a Clockify account automatically created and added to your workspace.<\/li>\n\n\n\n<li class=\"translation-block\">Your team will access Clockify through your custom subdomain (e.g., <em>yourcompany.clockify.me<\/em>).<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-custom-highlight-box custom-box color-green\"><div class=\"box-header\"><svg width=\"20\" height=\"20\" viewBox=\"0 0 24 24\" fill=\"none\"><mask id=\"mask-green\" style=\"mask-type:alpha\" maskUnits=\"userSpaceOnUse\" x=\"0\" y=\"0\" width=\"24\" height=\"24\"><rect width=\"24\" height=\"24\" fill=\"#D9D9D9\"><\/rect><\/mask><g mask=\"url(#mask-green)\"><path d=\"M5 21.0001C4.45 21.0001 3.97917 20.8043 3.5875 20.4126C3.19583 20.0209 3 19.5501 3 19.0001V5.0001C3 4.4501 3.19583 3.97926 3.5875 3.5876C3.97917 3.19593 4.45 3.0001 5 3.0001H13.925L11.925 5.0001H5V19.0001H19V12.0501L21 10.0501V19.0001C21 19.5501 20.8042 20.0209 20.4125 20.4126C20.0208 20.8043 19.55 21.0001 19 21.0001H5ZM9 15.0001V10.7501L18.175 1.5751C18.375 1.3751 18.6 1.2251 18.85 1.1251C19.1 1.0251 19.35 0.975098 19.6 0.975098C19.8667 0.975098 20.1208 1.0251 20.3625 1.1251C20.6042 1.2251 20.825 1.3751 21.025 1.5751L22.425 3.0001C22.6083 3.2001 22.75 3.42093 22.85 3.6626C22.95 3.90426 23 4.1501 23 4.4001C23 4.6501 22.9542 4.89593 22.8625 5.1376C22.7708 5.37926 22.625 5.6001 22.425 5.8001L13.25 15.0001H9ZM11 13.0001H12.4L18.2 7.2001L17.5 6.5001L16.775 5.8001L11 11.5751V13.0001Z\" fill=\"#4CAF50\"><\/path><\/g><\/svg><span class=\"box-label\">Note<\/span><\/div><div class=\"box-content\">\n<p>When accessing your custom subdomain for the first time, you must verify your identity via one-time-password (OTP) to meet our updated safety standards. This extra layer of security is only required during your initial login.<\/p>\n<\/div><\/div>\n\n\n\n<p>Activating SSO changes how your team accesses their accounts:<\/p>\n\n\n\n<p class=\"translation-block\">1. Users go to your workspace&#8217;s custom subdomain, such as <em>acmecorp.clockify.me<\/em>.<br>2. Clicking on <strong>Log in with SSO<\/strong> redirects to your company\u2019s sign-in page (like Okta or Microsoft).<br>3. After entering their company credentials, they are instantly redirected back to Clockify, fully logged in.<\/p>\n\n\n\n<div class=\"wp-block-custom-highlight-box custom-box color-red\"><div class=\"box-header\"><svg width=\"20\" height=\"20\" viewBox=\"0 0 24 24\" fill=\"none\"><mask id=\"mask0_1_85248\" style=\"mask-type:alpha\" maskUnits=\"userSpaceOnUse\" x=\"0\" y=\"0\" width=\"24\" height=\"24\"><rect width=\"24\" height=\"24\" fill=\"#D9D9D9\"><\/rect><\/mask><g mask=\"url(#mask0_1_85248)\"><path d=\"M1 21L12 2L23 21H1ZM4.45 19H19.55L12 6L4.45 19ZM12 18C12.2833 18 12.5208 17.9042 12.7125 17.7125C12.9042 17.5208 13 17.2833 13 17C13 16.7167 12.9042 16.4792 12.7125 16.2875C12.5208 16.0958 12.2833 16 12 16C11.7167 16 11.4792 16.0958 11.2875 16.2875C11.0958 16.4792 11 16.7167 11 17C11 17.2833 11.0958 17.5208 11.2875 17.7125C11.4792 17.9042 11.7167 18 12 18ZM11 15H13V10H11V15Z\" fill=\"#F44336\"><\/path><\/g><\/svg><span class=\"box-label\">Warning<\/span><\/div><div class=\"box-content\">\n<p class=\"translation-block\">If you disable <strong>Log in with email<\/strong>, users will be required to use SSO, preventing any logins via standard email\/password combinations for maximum security.<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"1-setting-up-custom-subdomain\">Setting up custom subdomain<\/h2>\n\n\n\n<div class=\"wp-block-custom-highlight-box custom-box color-green\"><div class=\"box-header\"><svg width=\"20\" height=\"20\" viewBox=\"0 0 24 24\" fill=\"none\"><mask id=\"mask-green\" style=\"mask-type:alpha\" maskUnits=\"userSpaceOnUse\" x=\"0\" y=\"0\" width=\"24\" height=\"24\"><rect width=\"24\" height=\"24\" fill=\"#D9D9D9\"><\/rect><\/mask><g mask=\"url(#mask-green)\"><path d=\"M5 21.0001C4.45 21.0001 3.97917 20.8043 3.5875 20.4126C3.19583 20.0209 3 19.5501 3 19.0001V5.0001C3 4.4501 3.19583 3.97926 3.5875 3.5876C3.97917 3.19593 4.45 3.0001 5 3.0001H13.925L11.925 5.0001H5V19.0001H19V12.0501L21 10.0501V19.0001C21 19.5501 20.8042 20.0209 20.4125 20.4126C20.0208 20.8043 19.55 21.0001 19 21.0001H5ZM9 15.0001V10.7501L18.175 1.5751C18.375 1.3751 18.6 1.2251 18.85 1.1251C19.1 1.0251 19.35 0.975098 19.6 0.975098C19.8667 0.975098 20.1208 1.0251 20.3625 1.1251C20.6042 1.2251 20.825 1.3751 21.025 1.5751L22.425 3.0001C22.6083 3.2001 22.75 3.42093 22.85 3.6626C22.95 3.90426 23 4.1501 23 4.4001C23 4.6501 22.9542 4.89593 22.8625 5.1376C22.7708 5.37926 22.625 5.6001 22.425 5.8001L13.25 15.0001H9ZM11 13.0001H12.4L18.2 7.2001L17.5 6.5001L16.775 5.8001L11 11.5751V13.0001Z\" fill=\"#4CAF50\"><\/path><\/g><\/svg><span class=\"box-label\">Note<\/span><\/div><div class=\"box-content\">\n<p>To use SSO, you first need to move your workspace to subdomain. Once you do that, you can configure SSO settings and disable other login methods.<\/p>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"2-moving-to-subdomain\">Moving to subdomain<\/h3>\n\n\n\n<p class=\"translation-block\">Before you can configure and start using SSO for authorization, you need to move your Clockify app domain to a <strong>custom subdomain<\/strong>.<\/p>\n\n\n\n<p class=\"Clockify translation-block\">When you upgrade your Clockify subscription to <strong>Enterprise plan<\/strong>, you will get <strong>Authentication<\/strong> tab in the <strong>Workspace<\/strong> <strong>settings<\/strong>. There, you can enter the subdomain you&#8217;d like to use and move your workspace there.<\/p>\n\n\n\n<p>To set up subdomain:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Navigate to the <strong>Authentication<\/strong> tab in the <strong><a href=\"https:\/\/clockify.me\/help\/track-time-and-expenses\/workspaces#workspace-settings\">Workspace settings<\/a><\/strong><\/li>\n\n\n\n<li>Enter your custom subdomain in the provided field<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Create subdomain<\/strong> and <strong>Create<\/strong> to confirm the action<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"381\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2024-12-23-at-10.47.02-1024x381.png\" alt=\"\" class=\"wp-image-21656\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2024-12-23-at-10.47.02-1024x381.png 1024w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2024-12-23-at-10.47.02-300x112.png 300w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2024-12-23-at-10.47.02-768x286.png 768w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2024-12-23-at-10.47.02-1536x572.png 1536w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2024-12-23-at-10.47.02-2048x763.png 2048w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2024-12-23-at-10.47.02-18x7.png 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>After you created your subdomain and moved your workspace there, Google login will no longer work for you and your users. <\/p>\n\n\n\n<p class=\"translation-block\">If you&#8217;d, however, like to use Google login, you need to set it up manually by configuring&nbsp;<strong>OAuth 2.0 (OIDC) <\/strong>for <strong>SSO<\/strong>. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"3-accessing-clockify-from-subdomain\">Accessing Clockify from subdomain<\/h3>\n\n\n\n<p>After you create your subdomain, you&#8217;ll automatically be logged out of any apps you were logged in with your Clockify account. You&#8217;ll have access to them only through the subdomain you created (e.g. https:\/\/yourcompanysubdomain.clockify.me\/login).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-workspaces-on-subdomain\">Workspaces on subdomain<\/h3>\n\n\n\n<p>To access multiple workspaces, log in to the main Clockify domain. Use the Workspace switcher (nine-dot icon) to access another workspace.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"413\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Workspace-switcher.gif\" alt=\"\" class=\"wp-image-30340\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"5-changing-subdomain\">Changing subdomain<\/h3>\n\n\n\n<div class=\"wp-block-custom-highlight-box custom-box color-indigo\"><div class=\"box-header\"><svg width=\"20\" height=\"20\" viewBox=\"0 0 24 24\" fill=\"none\"><mask id=\"mask-indigo\" style=\"mask-type:alpha\" maskUnits=\"userSpaceOnUse\" x=\"0\" y=\"0\" width=\"24\" height=\"24\"><rect width=\"24\" height=\"24\" fill=\"#D9D9D9\"><\/rect><\/mask><g mask=\"url(#mask-indigo)\"><path d=\"M12 17C12.2833 17 12.5208 16.9042 12.7125 16.7125C12.9042 16.5208 13 16.2833 13 16C13 15.7167 12.9042 15.4792 12.7125 15.2875C12.5208 15.0958 12.2833 15 12 15C11.7167 15 11.4792 15.0958 11.2875 15.2875C11.0958 15.4792 11 15.7167 11 16C11 16.2833 11.0958 16.5208 11.2875 16.7125C11.4792 16.9042 11.7167 17 12 17ZM11 13H13V7H11V13ZM12 22C10.6167 22 9.31667 21.7375 8.1 21.2125C6.88333 20.6875 5.825 19.975 4.925 19.075C4.025 18.175 3.3125 17.1167 2.7875 15.9C2.2625 14.6833 2 13.3833 2 12C2 10.6167 2.2625 9.31667 2.7875 8.1C3.3125 6.88333 4.025 5.825 4.925 4.925C5.825 4.025 6.88333 3.3125 8.1 2.7875C9.31667 2.2625 10.6167 2 12 2C13.3833 2 14.6833 2.2625 15.9 2.7875C17.1167 3.3125 18.175 4.025 19.075 4.925C19.975 5.825 20.6875 6.88333 21.2125 8.1C21.7375 9.31667 22 10.6167 22 12C22 13.3833 21.7375 14.6833 21.2125 15.9C20.6875 17.1167 19.975 18.175 19.075 19.075C18.175 19.975 17.1167 20.6875 15.9 21.2125C14.6833 21.7375 13.3833 22 12 22ZM12 20C14.2333 20 16.125 19.225 17.675 17.675C19.225 16.125 20 14.2333 20 12C20 9.76667 19.225 7.875 17.675 6.325C16.125 4.775 14.2333 4 12 4C9.76667 4 7.875 4.775 6.325 6.325C4.775 7.875 4 9.76667 4 12C4 14.2333 4.775 16.125 6.325 17.675C7.875 19.225 9.76667 20 12 20Z\" fill=\"#3F51B5\"><\/path><\/g><\/svg><span class=\"box-label\">Info<\/span><\/div><div class=\"box-content\">\n<p>Once you change your URL, your users will be logged out and will have to use the workspace through the new URL.<\/p>\n<\/div><\/div>\n\n\n\n<p>You can change subdomain URL at any time. <\/p>\n\n\n\n<p>If you cancel the subscription to the Enterprise plan: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>you&#8217;ll move back to the main domain when the subscription expires<\/li>\n\n\n\n<li>your subdomain will become available for others to use <\/li>\n\n\n\n<li>your users will have to log in with their email<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"6-api-keys-on-subdomain-\">API keys on subdomain <\/h3>\n\n\n\n<p>For security reasons, each user on subdomain gets a separate API key that works only for that workspace &#8211; meaning, no one can access your data on your subdomain unless they have the right authorization.<\/p>\n\n\n\n<p>If, for example, there is a user with two separate Enterprise workspaces, workspace owners can&#8217;t see, or access data from each others accounts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"7-inviting-new-users\">Inviting new users<\/h2>\n\n\n\n<p class=\"translation-block\">Once you&#8217;re in the subdomain workspace, you can invite users one by one <strong>using email<\/strong> (like before), or let anyone join without you having to manually invite them.<\/p>\n\n\n\n<p class=\"translation-block\">To let anyone join, check the <strong>Users can join without an invite<\/strong> checkbox.<\/p>\n\n\n\n<p>If you use SSO and someone without an account tries to log in, the account will be automatically created for them and they&#8217;ll log in.<\/p>\n\n\n\n<p class=\"translation-block\">If you allow <strong>Log in with email<\/strong>, people will be able to create an account and automatically join your workspace.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"8-configuring-sso\">Configuring SSO<\/h2>\n\n\n\n<p class=\"note, translation-block\">If you&#8217;d like to use SSO via your mobile devices (android or iOS) all the SSO configurations supported by Clockify should contain <strong>[yourcompany subdomain].clockify.me<\/strong> links. For example, in the <strong>Redirect URL<\/strong> section add <strong>https:\/\/yourcompanysubdomain.clockify.me\/login\/android\/oauth2<\/strong> or <strong>https:\/\/yourcompanysubdomain.clockify.me\/login\/ios\/oauth2<\/strong> link.<\/p>\n\n\n\n<p>Clockify supports all major SSO identity providers:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\">SAML 2.0 (<a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#saml-2-0-with-google\">Google<\/a>, <a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#saml-2-0-with-onelogin\">OneLogin<\/a>, <a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#saml-2-0-with-okta\">Okta<\/a>, <a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#saml-2-0-with-microsoft-azure\">Azure<\/a>, <a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#saml-2-0-with-rippling\">Rippling<\/a>, <a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#saml-2-0-with-jumpcloud\">JumpCloud<\/a>)<\/li>\n\n\n\n<li class=\"translation-block\">OAuth 2.0 (OIDC) (<a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#oauth-2-0-oidc-with-google\">Google<\/a>, <a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#oauth-2-0-oidc-with-microsoft-azure\">Azure<\/a>, <a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#oauth-2-0-oidc-with-okta\">Okta<\/a>)<\/li>\n<\/ul>\n\n\n\n<p class=\"translation-block\">Only workspace owner can see <strong>Authorization <\/strong>tab, manage subdomain, configure SSO, and turn SSO on\/off.<\/p>\n\n\n\n<p class=\"translation-block\">If you wish to force everyone to log in with SSO, simply turn off the <strong>Log in with email<\/strong> option. Once this change has been saved,  your workspace members accounts will be required to use SSO to log in.<\/p>\n\n\n\n<p>Data in the SSO configuration can always be edited or deleted. If deleted, your users will have to switch back to logging in by using email.<\/p>\n\n\n\n<p class=\"translation-block\">Owner can always log in using the original credentials at <strong>https:\/\/mysubdomain.clockify.me\/login-owner<\/strong><\/p>\n\n\n\n<p class=\"translation-block\">To add <strong>Default Relay State<\/strong>, use the parameters below.<\/p>\n\n\n\n<div class=\"wp-block-custom-highlight-box custom-box color-green\"><div class=\"box-header\"><svg width=\"20\" height=\"20\" viewBox=\"0 0 24 24\" fill=\"none\"><mask id=\"mask-green\" style=\"mask-type:alpha\" maskUnits=\"userSpaceOnUse\" x=\"0\" y=\"0\" width=\"24\" height=\"24\"><rect width=\"24\" height=\"24\" fill=\"#D9D9D9\"><\/rect><\/mask><g mask=\"url(#mask-green)\"><path d=\"M5 21.0001C4.45 21.0001 3.97917 20.8043 3.5875 20.4126C3.19583 20.0209 3 19.5501 3 19.0001V5.0001C3 4.4501 3.19583 3.97926 3.5875 3.5876C3.97917 3.19593 4.45 3.0001 5 3.0001H13.925L11.925 5.0001H5V19.0001H19V12.0501L21 10.0501V19.0001C21 19.5501 20.8042 20.0209 20.4125 20.4126C20.0208 20.8043 19.55 21.0001 19 21.0001H5ZM9 15.0001V10.7501L18.175 1.5751C18.375 1.3751 18.6 1.2251 18.85 1.1251C19.1 1.0251 19.35 0.975098 19.6 0.975098C19.8667 0.975098 20.1208 1.0251 20.3625 1.1251C20.6042 1.2251 20.825 1.3751 21.025 1.5751L22.425 3.0001C22.6083 3.2001 22.75 3.42093 22.85 3.6626C22.95 3.90426 23 4.1501 23 4.4001C23 4.6501 22.9542 4.89593 22.8625 5.1376C22.7708 5.37926 22.625 5.6001 22.425 5.8001L13.25 15.0001H9ZM11 13.0001H12.4L18.2 7.2001L17.5 6.5001L16.775 5.8001L11 11.5751V13.0001Z\" fill=\"#4CAF50\"><\/path><\/g><\/svg><span class=\"box-label\">Note<\/span><\/div><div class=\"box-content\">\n<p>Make sure to use curly brackets and straight quotes instead of the curly ones, otherwise it won&#8217;t work.<\/p>\n<\/div><\/div>\n\n\n\n<p>Example of Default Relay State:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\"location\":\"https:\/\/yourcompanysubdomain.clockify.me\", \"organizationName\":\"yourcompanysubdomain\"}<\/code><\/pre>\n\n\n<div class=\"wp-block-ub-expand ub-expand\" id=\"ub-expand-9230ab6b-09c9-4101-9b8b-3a7c820fc223\" data-scroll-type=\"false\" data-scroll-amount=\"\" data-scroll-target=\"\">\n<div class=\"ub-expand-portion ub-expand-partial wp-block-ub-expand-portion\" id=\"ub-expand-partial-f73e6c1e-e982-493e-a45d-1532b26ee718\" aria-hidden=\"false\">\n\t\t\t\n\n<h2 class=\"wp-block-heading translation-block\" id=\"9-saml-20-with-okta\">SAML 2.0 with Okta<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"ratio ratio-16x9\"><iframe loading=\"lazy\" title=\"Setting up Okta SSO in Clockify\" width=\"800\" height=\"450\" src=\"https:\/\/www.youtube.com\/embed\/jg5iFfn6I3U?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/div><figcaption class=\"wp-element-caption\">User interface displayed in this video may not correspond to the latest version of the app.<\/figcaption><\/figure>\n\n\n\t\t\t<a id=\"ub-expand-toggle-partial-f73e6c1e-e982-493e-a45d-1532b26ee718\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"false\" aria-controls=\"ub-expand-full-f73e6c1e-e982-493e-a45d-1532b26ee718\" tabindex=\"0\">\n\t\t\t\tshow more<br><br>\n\t\t\t<\/a>\n\t\t<\/div>\n\n<div class=\"ub-expand-portion ub-expand-full ub-hide wp-block-ub-expand-portion\" id=\"ub-expand-full-f73e6c1e-e982-493e-a45d-1532b26ee718\" aria-hidden=\"true\">\n\t\t\t\n\n<h3 class=\"wp-block-heading\" id=\"10-step-1-create-subdomain-in-clockify-\">Step 1: Create subdomain in Clockify <\/h3>\n\n\n\n<p class=\"translation-block\">For more information on this, check out\u00a0<a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#setting-up-custom-subdomain\">Setting up custom subdomain<\/a>\u00a0section.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-step-2-create-application-in-okta\">Step 2: Create application in Okta<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Navigate to <strong>Applications<\/strong> in the sidebar<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Create App Integration<\/strong> button<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>SAML 2.0<\/strong> in modal<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Next<\/strong><\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"12-create-saml-20-integration\">Create SAML 2.0 integration<\/h4>\n\n\n\n<p class=\"translation-block\">In <strong>General Settings<\/strong> form, enter the following information and click <strong>Next<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>App name<\/strong>: e.g. Clockify<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Logo<\/strong>: e.g. upload Clockify logo<\/li>\n<\/ul>\n\n\n\n<p class=\"translation-block\">In <strong>Configure SAML<\/strong> form, enter the following information:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Single sign on URL<\/strong> (or ACS): Specific URL that SAML assertions from Okta should be sent to (e.g. https:\/\/global.api.clockify.me\/auth\/saml2)<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Audience URI<\/strong> (Entity ID in your app): Unique identifier of your custom application; same as <strong>Entity Id<\/strong> in SAML authentication field (e.g. https:\/\/yourcompanysubdomain.clockify.me)<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Default Relay State<\/strong>: IdP-initiated authentication so that users can log in to Clockify straight from the Okta dashboard<\/li>\n<\/ul>\n\n\n\n<p class=\"translation-block\">Example of <strong>Default Relay State<\/strong>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\"location\":\"https:\/\/yourcompanysubdomain.clockify.me\", \"organizationName\":\"yourcompanysubdomain\"}<\/code><\/pre>\n\n\n\n<p class=\"note\">Make sure you put straight quotes instead of the curly ones, or it won&#8217;t work.<\/p>\n\n\n\n<p class=\"translation-block\">Leave everything else as is and click <strong>Next<\/strong>.<\/p>\n\n\n\n<p class=\"translation-block\">In <strong>Feedback<\/strong> check <strong>I&#8217;m an Okta customer adding an internal app<\/strong> and click <strong>Finish<\/strong>.<\/p>\n\n\n\n<p>You should get the screen that looks something like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"746\" height=\"744\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_17.png\" alt=\"\" class=\"wp-image-8993\" style=\"width:560px;height:558px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_17.png 746w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_17-300x300.png 300w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_17-150x150.png 150w\" sizes=\"auto, (max-width: 746px) 100vw, 746px\" \/><\/figure>\n\n\n\n<p class=\"translation-block\">As the final step in this section, click <strong>View Setup Instructions<\/strong> button seen in the screenshot above.<\/p>\n\n\n\n<p class=\"note\">In <strong>How to Configure SAML 2.0 for Clockify Application<\/strong>, you&#8217;ll get the list of data you need in order to configure your Clockify application.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"13-step-3-add-sso-configuration-in-clockify\">Step 3: Add SSO configuration in Clockify<\/h3>\n\n\n\n<p class=\"translation-block\">Now, in Clockify, in the <strong>Authentication<\/strong> screen:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Click <strong>Add SSO Configuration<\/strong> at the bottom of the screen<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>SAML2<\/strong> as authentication type<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Okta<\/strong> as <strong>IdP Template<\/strong><\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\"><strong>SAML2 authentication<\/strong> form appears:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"498\" height=\"913\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/sso_okta_initial_screen.png\" alt=\"\" class=\"wp-image-18728\" style=\"width:397px;height:auto\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/sso_okta_initial_screen.png 498w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/sso_okta_initial_screen-164x300.png 164w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/sso_okta_initial_screen-7x12.png 7w\" sizes=\"auto, (max-width: 498px) 100vw, 498px\" \/><\/figure>\n\n\n\n<p>Enter the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Entity Id (Audience URI in Okta): <\/strong>e.g. https:\/\/yourcompanysubdomain.clockify.me<\/li>\n\n\n\n<li><strong>Metadata Url<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Navigate back to Okta<\/li>\n\n\n\n<li class=\"translation-block\">Copy the <strong>Identity Provider metadata<\/strong> link from the <strong>Settings<\/strong> section in Okta <\/li>\n\n\n\n<li><strong>Save it as an .xml file and upload it to Clockify<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li class=\"translation-block\"><strong>SAML SSO URL<\/strong>: Copy\/paste <strong>Identity Provider Single Sign-On URL<\/strong> from Okta&#8217;s <strong>How to configure SAML 2.0 for Clockify Application<\/strong><\/li>\n<\/ul>\n\n\n\n<p>For example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>https:\/\/okta.ops.clockify.me\/app\/dev05335506_clockifytempsaml2_1\/exk4erumfseHaalgs5d7\/sso\/saml<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Advanced<\/strong>: Copy\/paste <strong>X.509 Certificate<\/strong> from Okta<\/li>\n<\/ul>\n\n\n\n<p>Finally, your screen in Clockify should look something like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"672\" height=\"1024\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-12-at-16.14.31-672x1024.png\" alt=\"\" class=\"wp-image-18729\" style=\"width:414px;height:auto\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-12-at-16.14.31-672x1024.png 672w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-12-at-16.14.31-197x300.png 197w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-12-at-16.14.31-768x1171.png 768w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-12-at-16.14.31-8x12.png 8w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-12-at-16.14.31.png 996w\" sizes=\"auto, (max-width: 672px) 100vw, 672px\" \/><\/figure>\n\n\n\n<p>and<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"992\" height=\"948\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-12-at-16.41.42.png\" alt=\"\" class=\"wp-image-18732\" style=\"width:413px;height:auto\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-12-at-16.41.42.png 992w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-12-at-16.41.42-300x287.png 300w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-12-at-16.41.42-768x734.png 768w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-12-at-16.41.42-13x12.png 13w\" sizes=\"auto, (max-width: 992px) 100vw, 992px\" \/><\/figure>\n\n\n\n<p class=\"tip; translation-block\">After entering all required data, you can choose to verify your configuration by clicking the <strong>Test configuration<\/strong> button. This action ensures the accuracy of the provided information. If everything is correct, the <strong>Test configuration<\/strong> button will be replaced with a <strong>Finish configuration<\/strong> button.<\/p>\n\n\n\n<p class=\"translation-block\">Click <strong>Finish configuration<\/strong> to complete the process and enable <strong>Log in with SAML2<\/strong>. Optionally, disable <strong>Log in with email and password<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"14-step-4-assign-application-in-okta\">Step 4: Assign application in Okta<\/h3>\n\n\n\n<p>In Okta:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Navigate to <strong>Applications<\/strong> <\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Clockify <\/strong><\/li>\n\n\n\n<li class=\"translation-block\">In <strong>Assignments<\/strong> tab click <strong>Assign<\/strong> <\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Assign to People\/Groups<\/strong> depending on who from your Okta account you&#8217;d like to be able to access Clockify<\/li>\n<\/ol>\n\n\n\n<p>And that&#8217;s it! Now you, and your workspace users are able to log in to your workspace with SAML2.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"290\" height=\"132\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_6.png\" alt=\"\" class=\"wp-image-9028\"><\/figure>\n\n\n\t\t\t<a id=\"ub-expand-toggle-full-f73e6c1e-e982-493e-a45d-1532b26ee718\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"true\" aria-controls=\"ub-expand-full-f73e6c1e-e982-493e-a45d-1532b26ee718\" tabindex=\"0\">\n\t\t\t\tshow less\n\t\t\t<\/a>\n\t\t<\/div>\n<\/div>\n\n<div class=\"wp-block-ub-expand ub-expand\" id=\"ub-expand-0383f54d-f804-4ea0-9a1b-d44afa543de2\" data-scroll-type=\"false\" data-scroll-amount=\"\" data-scroll-target=\"\">\n<div class=\"ub-expand-portion ub-expand-partial wp-block-ub-expand-portion\" id=\"ub-expand-partial-763f1219-4b36-47e2-a9b6-c496b84c4da2\" aria-hidden=\"false\">\n\t\t\t\n\n<h2 class=\"wp-block-heading\" id=\"15-saml-20-with-onelogin\">SAML 2.0 with OneLogin<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"ratio ratio-16x9\"><iframe loading=\"lazy\" title=\"Setting up OneLogin SSO in Clockify\" width=\"800\" height=\"450\" src=\"https:\/\/www.youtube.com\/embed\/fi5YfwbzrSk?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/div><figcaption class=\"wp-element-caption\">User interface displayed in this video may not correspond to the latest version of the app.<\/figcaption><\/figure>\n\n\n\t\t\t<a id=\"ub-expand-toggle-partial-763f1219-4b36-47e2-a9b6-c496b84c4da2\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"false\" aria-controls=\"ub-expand-full-763f1219-4b36-47e2-a9b6-c496b84c4da2\" tabindex=\"0\">\n\t\t\t\tshow more<br><br>\n\t\t\t<\/a>\n\t\t<\/div>\n\n<div class=\"ub-expand-portion ub-expand-full ub-hide wp-block-ub-expand-portion\" id=\"ub-expand-full-763f1219-4b36-47e2-a9b6-c496b84c4da2\" aria-hidden=\"true\">\n\t\t\t\n\n<h3 class=\"wp-block-heading\" id=\"16-step-1-create-subdomain-in-clockify-\">Step 1: Create subdomain in Clockify <\/h3>\n\n\n\n<p class=\"translation-block\">For more information on this, check out\u00a0<a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#setting-up-custom-subdomain\">Setting up custom subdomain<\/a>\u00a0section.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"17-step-2-create-application-in-onelogin\">Step 2: Create application in OneLogin<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Navigate to <strong>Applications<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Add App<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Search and choose <strong>SAML Custom Connector<\/strong> (Advanced)<\/li>\n\n\n\n<li>Info: \n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Display Name<\/strong>: Clockify<\/li>\n\n\n\n<li class=\"translation-block\">Logo: e.g. upload Clockify logo<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\">Click <strong>Save<\/strong> and fill out the <strong>Configuration<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Audience<\/strong>: Clockify<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Recipient<\/strong>: https:\/\/global.api.clockify.me\/auth\/saml2<\/li>\n\n\n\n<li class=\"translation-block\"><strong>ACS (Consumer) URL Validator<\/strong>*: ^https:\\\/\\\/global.api.clockify\\.me\\\/auth\\\/saml2\\\/$<\/li>\n\n\n\n<li class=\"translation-block\"><strong>ACS (Consumer) URL<\/strong>*: https:\/\/global.api.clockify.me\/auth\/saml2<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Login URL<\/strong>: https:\/\/yourcompanysubdomain.clockify.me\/<\/li>\n\n\n\n<li class=\"translation-block\"><strong>SAML initiator<\/strong>: Service Provider<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Save <\/strong>to complete the process<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"18-step-3-add-sso-configuration-in-clockify\">Step 3: Add SSO configuration in Clockify<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Click <strong>Add SSO Configuration<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>SAML2<\/strong> as authentication type<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>OneLogin<\/strong> as <strong>IdP Template<\/strong> and fill out the following fields\n<ul class=\"wp-block-list\">\n<li><strong>Audience<\/strong> (<strong>Entity Id<\/strong>): Clockify<\/li>\n\n\n\n<li><strong>Metadata Url<\/strong>: Go to OneLogin &gt; SSO and copy Issuer URL then paste it in Metadata Url in Clockify<\/li>\n\n\n\n<li><strong>Login Url<\/strong>: Copy\/paste SAML 2.0 Endpoint (HTTP) from SSO section in OneLogin<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\">In <strong>Advanced<\/strong> section, enter:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Certificate<\/strong>: Copy\/paste the <strong>X.509 Certificate<\/strong> from View Details, SSO in OneLogin<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"19-step-4-assign-application-in-onelogin\">Step 4: Assign application in OneLogin<\/h3>\n\n\n\n<p>In OneLogin:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Navigate to <strong>Users<\/strong> (this is where you choose which users from your OneLogin account will be able to access Clockify)<\/li>\n\n\n\n<li>Click on the specific User<\/li>\n\n\n\n<li class=\"translation-block\">In <strong>Applications<\/strong>, click the <strong>+<\/strong> sign to add an app<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Clockify<\/strong> <\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Continue<\/strong> and <strong>Save<\/strong><\/li>\n<\/ol>\n\n\n\n<p class=\"tip, translation-block\">In Clockify, after entering all required data, you can choose to verify your configuration by clicking the <strong>Test configuration<\/strong> button. This action ensures the accuracy of the provided information. If everything is correct, the <strong>Test configuration<\/strong> button will be replaced with a <strong>Finish configuration<\/strong> button.<\/p>\n\n\n\n<p class=\"translation-block\">Click <strong>Finish configuration<\/strong> to complete the process and enable <strong>Log in with SAML 2.0<\/strong>. Optionally, you can disable <strong>Log in with email and password<\/strong>.<\/p>\n\n\n\n<p>And that&#8217;s it! Now you, and your workspace users are able to log in to your workspace with SAML 2.0.<\/p>\n\n\n\t\t\t<a id=\"ub-expand-toggle-full-763f1219-4b36-47e2-a9b6-c496b84c4da2\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"true\" aria-controls=\"ub-expand-full-763f1219-4b36-47e2-a9b6-c496b84c4da2\" tabindex=\"0\">\n\t\t\t\tshow less\n\t\t\t<\/a>\n\t\t<\/div>\n<\/div>\n\n<div class=\"wp-block-ub-expand ub-expand\" id=\"ub-expand-ba3e1e89-cf40-4ea2-9fd1-56bd33aa59e8\" data-scroll-type=\"false\" data-scroll-amount=\"\" data-scroll-target=\"\">\n<div class=\"ub-expand-portion ub-expand-partial wp-block-ub-expand-portion\" id=\"ub-expand-partial-52bc9a15-1384-41cd-bada-f4e8cfde9e95\" aria-hidden=\"false\">\n\t\t\t\n<div class=\"wp-block-ub-expand ub-expand\" id=\"ub-expand-e94cc028-82ee-4288-99c0-1a08162d8195\" data-scroll-type=\"false\" data-scroll-amount=\"\" data-scroll-target=\"\">\n<div class=\"ub-expand-portion ub-expand-partial wp-block-ub-expand-portion\" id=\"ub-expand-partial-4f62f59c-4175-4122-9a0f-c4947b8e8fa3\" aria-hidden=\"false\">\n\t\t\t\n<div class=\"wp-block-ub-expand ub-expand\" id=\"ub-expand-43953a36-94d0-4e0e-a13a-e5ba5b2af7c6\" data-scroll-type=\"false\" data-scroll-amount=\"\" data-scroll-target=\"\">\n<div class=\"ub-expand-portion ub-expand-partial wp-block-ub-expand-portion\" id=\"ub-expand-partial-da04b1ec-b8ed-4868-b0a5-360dee228f66\" aria-hidden=\"false\">\n\t\t\t\n\n<h2 class=\"wp-block-heading\" id=\"20-saml-20-with-google\">SAML 2.0 with Google<\/h2>\n\n\n\t\t\t<a id=\"ub-expand-toggle-partial-da04b1ec-b8ed-4868-b0a5-360dee228f66\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"false\" aria-controls=\"ub-expand-full-da04b1ec-b8ed-4868-b0a5-360dee228f66\" tabindex=\"0\">\n\t\t\t\tshow more\n\t\t\t<\/a>\n\t\t<\/div>\n\n<div class=\"ub-expand-portion ub-expand-full ub-hide wp-block-ub-expand-portion\" id=\"ub-expand-full-da04b1ec-b8ed-4868-b0a5-360dee228f66\" aria-hidden=\"true\">\n\t\t\t\n\n<h3 class=\"wp-block-heading\" id=\"21-step-1-create-subdomain-in-clockify-\">Step 1: Create subdomain in Clockify<br><\/h3>\n\n\n\n<p class=\"translation-block\">For more information, check out <a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#setting-up-custom-subdomain\">Setting up custom subdomain<\/a> section.<\/p>\n\n\n\n<p>Clockify:\u00a0<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Navigate to the <strong>Authentication<\/strong> tab\u00a0<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Add SSO Configuration<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>SAML2<\/strong> as identity provider In <strong>Authentication type<\/strong> window<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Next<\/strong>\u00a0<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Google<\/strong> as <strong>IdP template\u00a0<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"498\" height=\"914\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-09.22.56.png\" alt=\"\" class=\"wp-image-18739\" style=\"width:386px;height:auto\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-09.22.56.png 498w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-09.22.56-163x300.png 163w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-09.22.56-7x12.png 7w\" sizes=\"auto, (max-width: 498px) 100vw, 498px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"22-step-2-create-application-in-google-\">Step 2: Create application in Google\u00a0<\/h3>\n\n\n\n<p>Google:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Create Google account and go to the <strong>Admin <\/strong>page\u00a0<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Add custom SAML<\/strong> app in <strong>Add app<\/strong><br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh7-us.googleusercontent.com\/b4om5Xv5tczNS2oGUhBSVrVhwE7kUE7y31kEZACuxkegYDWcIMinrjkyD0idTsuRyXrMlcnTr3Ft1JFvpP6SKthN0BMcsnX3mF5JwvSZ2tSQso3MxGMQM0QTpVmGuQLdvnMCR2Ur8lDUYntRGUMLdhM\" width=\"624\" height=\"260\"><\/li>\n\n\n\n<li class=\"translation-block\">Insert the following<br>&#8211; <strong>App name<\/strong>: e.g. <a href=\"https:\/\/yourcompanysubdomain.clockify.me\/\">https:\/\/yourcompanysubdomain.clockify.me\/<br><\/a>&#8211; <strong>Description<\/strong>: e.g. Clockify SAML2 demo app<br>&#8211; <strong>App icon<\/strong>: optionally add icon<br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh7-us.googleusercontent.com\/1kD5Pg67QD_nxFpxVRAnjgOb8ZUl3QeGGGQm--_LLi7rtgGj5Azz2HY80nbjzOVqKy47P5RImPMC6Fggab5X46OqO4n0WUiqWH40K_2yQYqPY5oMiJUAW8cY8qbKDU3O20DBHiXO5oeWbI8ImS5xbEc\" width=\"624\" height=\"241\"><\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Continue<\/strong>\u00a0<\/li>\n\n\n\n<li class=\"translation-block\">You\u2019ll proceed to the <strong>Google Identity Provider details<\/strong> screen<br>Google side:<br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh7-us.googleusercontent.com\/yw8oM_741-dq3O2mzU4Ctsx_miJVRapDewYVQxQER0l6bY46YpbW01I6GbTkRIq1fyujuHdRvy7TYI38RBJO_cBzUjm0Y6-Lo3fV639SiHkjR29U4EfEdFd_tob6mclQ9XDJZIhT_iJmkRR7DA80OKE\" width=\"624\" height=\"403\"><\/li>\n\n\n\n<li class=\"translation-block\">Download <strong>IdP metadata URL<\/strong> and upload it to <strong>Clockify\/IdP Metadata URL <\/strong>field<\/li>\n\n\n\n<li class=\"translation-block\">Copy <strong>SSO URL<\/strong> and paste it to <strong>Login URL<\/strong> field in Clockify<br>Clockify side:<br><img loading=\"lazy\" decoding=\"async\" width=\"386\" height=\"709\" class=\"wp-image-18740\" style=\"width: 386px;\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2024-06-13-at-09.26.30.png\" alt=\"\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2024-06-13-at-09.26.30.png 497w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2024-06-13-at-09.26.30-163x300.png 163w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2024-06-13-at-09.26.30-7x12.png 7w\" sizes=\"auto, (max-width: 386px) 100vw, 386px\" \/><\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Continue<\/strong><br>Google side:<\/li>\n\n\n\n<li class=\"translation-block\">You\u2019ll proceed to <strong>Service provider details<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Insert the following:<br>&#8211; ACS URL: Copy\/paste <strong>Reply URL<\/strong> from Clockify, e.g. https:\/\/global.api.clockify.me\/auth\/saml2<br>&#8211; Entity ID: Unique identifier of your custom application, e.g. Clockify<br>&#8211; Start URL: Copy\/paste <strong>Default Relay State<\/strong> from Clockify, e.g.\u00a0<\/li>\n<\/ol>\n\n\n\n<p>{&#8220;location&#8221;:&#8221;https:\/\/yourcompanysubdomain.clockify.me&#8221;,&#8221;organizationName&#8221;:&#8221;yourcompanysubdomain&#8221;}<br><br><br><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"352\" src=\"https:\/\/lh7-us.googleusercontent.com\/LK7SMMSCoo7XKMVL5Ibxndpxi19UPtm9X3bR9H4D93SVaOKvCMQ2F3alutDy9RLIwfQNMvfAM-OgLutRyLbQkczZiwQOiS79WvszLiI8WhXg92i4P1OquUkD_F7CvWJ9WP4XIxAgmX7lQFZEX8EeUbo\"><\/p>\n\n\n\n<ol start=\"11\" class=\"wp-block-list\">\n<li class=\"translation-block\">\u00a0Click <strong>Continue<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">You\u2019ll proceed to the <strong>Attribute mapping<\/strong> screen<br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh7-us.googleusercontent.com\/9L__Wp9Wnt0HR_Mnw4E_Whoqb72v8lFikCet_Uoh7U-V7JjDC1Wa-emmtotb9zBYiK9HQu3YzDP3PsWCn-OLZokPC3jZIuJyWy87wMqL8rBakfEoHFIrIzdVx4xMWpJQTfjbnCEvlRR9Hn2VoVsHfHM\" width=\"624\" height=\"344\"><\/li>\n\n\n\n<li>Click <strong>Finish <\/strong>to complete the process<\/li>\n<\/ol>\n\n\n\n<p class=\"tip, translation-block\">After entering all required data, on the Clockify side, you can choose to verify your configuration by clicking the <strong>Test configuration<\/strong> button. This action ensures the accuracy of the provided information. If everything is correct, the <strong>Test configuration<\/strong> button will be replaced with a <strong>Finish configuration<\/strong> button.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"994\" height=\"948\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-11.17.10.png\" alt=\"\" class=\"wp-image-18751\" style=\"width:386px;height:auto\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-11.17.10.png 994w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-11.17.10-300x286.png 300w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-11.17.10-768x732.png 768w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-11.17.10-13x12.png 13w\" sizes=\"auto, (max-width: 994px) 100vw, 994px\" \/><\/figure>\n\n\n\n<p class=\"translation-block\">Now that you\u2019ve completed all the steps and created the app, open the app\u2019s settings and in <strong>Service status<\/strong> enable the app for everyone.<br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-us.googleusercontent.com\/8l96nQWaaDJOZDOyZCcEbF0TKAF4cGern4ePDpe_aiEjUcbngFlQJlUhv3vC8Mj_w3GZuNsBE3ayqksq2N6idy2qukwUvQtai7oMTPLitATRAHibbOU7P4C_nkUaZpfR1qZawnhAW3A0cvhHH6KGJ5s\" alt=\"\"><\/figure>\n\n\n\n<p>The app you created will appear in the Google workspace for all the users of that workspace.\u00a0\u00a0\u00a0<\/p>\n\n\n\t\t\t<a id=\"ub-expand-toggle-full-da04b1ec-b8ed-4868-b0a5-360dee228f66\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"true\" aria-controls=\"ub-expand-full-da04b1ec-b8ed-4868-b0a5-360dee228f66\" tabindex=\"0\">\n\t\t\t\tshow less\n\t\t\t<\/a>\n\t\t<\/div>\n<\/div>\n\n<div class=\"wp-block-ub-expand ub-expand\" id=\"ub-expand-d8be3e36-c17d-41da-8c28-056f585ebac0\" data-scroll-type=\"false\" data-scroll-amount=\"\" data-scroll-target=\"\">\n<div class=\"ub-expand-portion ub-expand-partial wp-block-ub-expand-portion\" id=\"ub-expand-partial-c726f6e2-3831-44f5-9cf1-21a93a9ba2cb\" aria-hidden=\"false\">\n\t\t\t\n\n<h2 class=\"wp-block-heading\" id=\"23-saml-20-with-rippling\">SAML 2.0 with Rippling<\/h2>\n\n\n\t\t\t<a id=\"ub-expand-toggle-partial-c726f6e2-3831-44f5-9cf1-21a93a9ba2cb\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"false\" aria-controls=\"ub-expand-full-c726f6e2-3831-44f5-9cf1-21a93a9ba2cb\" tabindex=\"0\">\n\t\t\t\tshow more\n\t\t\t<\/a>\n\t\t<\/div>\n\n<div class=\"ub-expand-portion ub-expand-full ub-hide wp-block-ub-expand-portion\" id=\"ub-expand-full-c726f6e2-3831-44f5-9cf1-21a93a9ba2cb\" aria-hidden=\"true\">\n\t\t\t\n\n<h3 class=\"wp-block-heading\" id=\"24-step-1-create-subdomain-in-clockify\">Step 1: Create subdomain in Clockify<\/h3>\n\n\n\n<p class=\"translation-block\">For more information, check out the <a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#setting-up-custom-subdomain\">Setting up custom subdomain<\/a> section.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"25-step-2-create-application-in-rippling\">Step 2: Create application in Rippling<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to Rippling as Administrator<\/li>\n\n\n\n<li class=\"translation-block\">Select <strong>IT management<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Select <strong>Custom app<\/strong><\/li>\n\n\n\n<li>Give app a descriptive name, select category and upload a logo<\/li>\n\n\n\n<li class=\"translation-block\">Check <strong>Single Sign-on<\/strong> (<strong>SAML<\/strong>)<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Continue<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Confirm that you are <strong>Application admin<\/strong><\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\">New page with SSO instructions opens and you can proceed with the next step. The page contains <strong>SSO Setup instructions<\/strong> which include the IdP Metadata XML file.<\/p>\n\n\n\n<p>Download IdP Metadata from Rippling. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"26-step-3-add-sso-configuration-in-clockify\">Step 3: Add SSO configuration in Clockify<\/h3>\n\n\n\n<p class=\"translation-block\">In the <strong>Authentication<\/strong> tab in which you created your subdomain: <\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Click <strong>Add SSO Configuration<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>SAML2<\/strong> as authentication type and click <strong>Next<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Rippling<\/strong> as <strong>IdP Template<\/strong><\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\">In <strong>SAML2 authentication <\/strong>form that appears, enter the following information: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Entity Id<\/strong> (<strong>Service Provider Entity ID <\/strong>in Rippling): e.g. <a href=\"https:\/\/yourcompanysubdomain.clockify.me\">https:\/\/yourcompanysubdomain.clockify.me<\/a><\/li>\n\n\n\n<li><strong>Metadata Url<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Upload IdP Metadata XML file you downloaded in Step 2<br>or<\/li>\n\n\n\n<li class=\"translation-block\">Copy\/paste <strong>IdP Metadata URL<\/strong> from Rippling<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Login Url<\/strong>: Copy\/paste <strong>Single Sign-on URL<\/strong>\/<strong>Target URL<\/strong> from Rippling<\/li>\n<\/ul>\n\n\n\n<p class=\"translation-block\">After entering all required data, you can choose to verify your configuration by clicking the <strong>Test configuration<\/strong> button. This way you can be certain of the accuracy of the provided information. If everything is correct, the <strong>Test configuration<\/strong> button will be replaced with the <strong>Finish configuration<\/strong> button. <\/p>\n\n\n\n<p class=\"translation-block\">Click <strong>Finish configuration<\/strong> to complete the process and enable<strong> Log in with SAML2<\/strong>. Optionally, disable <strong>Log in with email and password<\/strong>. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"27-step-4-assign-application-in-rippling-\">Step 4: Assign application in Rippling <\/h3>\n\n\n\n<p>Navigate back to Rippling. <\/p>\n\n\n\n<p class=\"translation-block\">On <strong>SSO Instructions<\/strong> page scroll down and enter the following: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>ACS URL<\/strong>: Copy\/paste <strong>Reply URL<\/strong> from Clockify<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Service Provider Entity ID<\/strong>: Copy\/paste <strong>Entity ID<\/strong> from Clockify<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Click <strong>Move to<\/strong> <strong>Next Step<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Access Rules<\/strong> you want<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Provision Time<\/strong> you want<\/li>\n\n\n\n<li>Configure SSO for Admins if necessary<\/li>\n\n\n\n<li>Configure Group Attributes if necessary<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Connect via Rippling<\/strong> if you&#8217;d like to check the connection between apps or simply <strong>Continue<\/strong><\/li>\n<\/ol>\n\n\n\n<p>And that&#8217;s it! You&#8217;ve successfully installed your application in Rippling and you and your users are now able to log in to your workspace with SAML2.0.<\/p>\n\n\n\t\t\t<a id=\"ub-expand-toggle-full-c726f6e2-3831-44f5-9cf1-21a93a9ba2cb\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"true\" aria-controls=\"ub-expand-full-c726f6e2-3831-44f5-9cf1-21a93a9ba2cb\" tabindex=\"0\">\n\t\t\t\tshow less\n\t\t\t<\/a>\n\t\t<\/div>\n<\/div>\n\n\t\t\t<a id=\"ub-expand-toggle-partial-4f62f59c-4175-4122-9a0f-c4947b8e8fa3\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"false\" aria-controls=\"ub-expand-full-4f62f59c-4175-4122-9a0f-c4947b8e8fa3\" tabindex=\"0\">\n\t\t\t\t\n\t\t\t<\/a>\n\t\t<\/div>\n\n<div class=\"ub-expand-portion ub-expand-full ub-hide wp-block-ub-expand-portion\" id=\"ub-expand-full-4f62f59c-4175-4122-9a0f-c4947b8e8fa3\" aria-hidden=\"true\">\n\t\t\t\n\t\t\t<a id=\"ub-expand-toggle-full-4f62f59c-4175-4122-9a0f-c4947b8e8fa3\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"true\" aria-controls=\"ub-expand-full-4f62f59c-4175-4122-9a0f-c4947b8e8fa3\" tabindex=\"0\">\n\t\t\t\t\n\t\t\t<\/a>\n\t\t<\/div>\n<\/div>\n\n<div class=\"wp-block-ub-expand ub-expand\" id=\"ub-expand-66fff997-d54a-4430-8858-dc4a52dce0fa\" data-scroll-type=\"false\" data-scroll-amount=\"\" data-scroll-target=\"\">\n<div class=\"ub-expand-portion ub-expand-partial wp-block-ub-expand-portion\" id=\"ub-expand-partial-9bc91f80-7186-4168-8618-cb4613d3f37e\" aria-hidden=\"false\">\n\t\t\t\n\n<h2 class=\"wp-block-heading\" id=\"28-saml-20-with-jumpcloud\">SAML 2.0 with JumpCloud<\/h2>\n\n\n\t\t\t<a id=\"ub-expand-toggle-partial-9bc91f80-7186-4168-8618-cb4613d3f37e\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"false\" aria-controls=\"ub-expand-full-9bc91f80-7186-4168-8618-cb4613d3f37e\" tabindex=\"0\">\n\t\t\t\tshow more\n\t\t\t<\/a>\n\t\t<\/div>\n\n<div class=\"ub-expand-portion ub-expand-full ub-hide wp-block-ub-expand-portion\" id=\"ub-expand-full-9bc91f80-7186-4168-8618-cb4613d3f37e\" aria-hidden=\"true\">\n\t\t\t\n\n<h3 class=\"wp-block-heading\" id=\"29-step-1-create-subdomain-in-clockify\">Step 1: Create subdomain in Clockify<\/h3>\n\n\n\n<p class=\"translation-block\">For more information on this, check out the <a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#setting-up-custom-subdomain\">Setting up custom subdomain<\/a> section.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"30-step-2-add-sso-configuration-in-clockify-\">Step 2: Add SSO Configuration in Clockify\u00a0<\/h3>\n\n\n\n<p class=\"translation-block\">In the <strong>Authentication<\/strong> tab in which you created your subdomain:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Click <strong>Add SSO Configuration<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>SAML2<\/strong> as authentication type and click <strong>Next<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>JumpCloud<\/strong> as <strong>IdP Template<\/strong><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"31-step-3-create-application-in-jumpcloud\">Step 3: Create application in JumpCloud<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Navigate to <strong>SSO<\/strong> in the sidebar on the left<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>+<\/strong> to add new app<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Custom SAML App<\/strong><\/li>\n\n\n\n<li>In <strong>Application Information<\/strong> enter the following:<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Display Label<\/strong>: Application name e.g. Clockify<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Logo<\/strong>: e.g. upload Clockify logo<\/li>\n<\/ul>\n\n\n\n<p class=\"translation-block\">In SSO tab you can proceed with the next step. The page contains <strong>SSO Setup instructions<\/strong> which include the IdP Metadata XML file. Download IDP Metadata from JumpCloud and save it for later.<\/p>\n\n\n\n<p>Continue by populating the following fields.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>IdP Entity ID<\/strong>: e.g. <a href=\"https:\/\/yourcompanysubdomain.clockify.me\">https:\/\/yourcompanysubdomain.clockify.me<\/a>\u00a0<\/li>\n\n\n\n<li class=\"translation-block\"><strong>SP Entity ID<\/strong>: Copy\/paste <strong>Default Relay State<\/strong> from <strong>Clockify<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Example of Default Relay State:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\"location\":\"https:\/\/yourcompanysubdomain.clockify.me\", \"organizationName\":\"yourcompanysubdomain\"}<\/code><\/pre>\n\n\n\n<div class=\"wp-block-custom-highlight-box custom-box color-green\"><div class=\"box-header\"><svg width=\"20\" height=\"20\" viewbox=\"0 0 24 24\" fill=\"none\"><mask id=\"mask-green\" style=\"mask-type:alpha\" maskunits=\"userSpaceOnUse\" x=\"0\" y=\"0\" width=\"24\" height=\"24\"><rect width=\"24\" height=\"24\" fill=\"#D9D9D9\"><\/rect><\/mask><g mask=\"url(#mask-green)\"><path d=\"M5 21.0001C4.45 21.0001 3.97917 20.8043 3.5875 20.4126C3.19583 20.0209 3 19.5501 3 19.0001V5.0001C3 4.4501 3.19583 3.97926 3.5875 3.5876C3.97917 3.19593 4.45 3.0001 5 3.0001H13.925L11.925 5.0001H5V19.0001H19V12.0501L21 10.0501V19.0001C21 19.5501 20.8042 20.0209 20.4125 20.4126C20.0208 20.8043 19.55 21.0001 19 21.0001H5ZM9 15.0001V10.7501L18.175 1.5751C18.375 1.3751 18.6 1.2251 18.85 1.1251C19.1 1.0251 19.35 0.975098 19.6 0.975098C19.8667 0.975098 20.1208 1.0251 20.3625 1.1251C20.6042 1.2251 20.825 1.3751 21.025 1.5751L22.425 3.0001C22.6083 3.2001 22.75 3.42093 22.85 3.6626C22.95 3.90426 23 4.1501 23 4.4001C23 4.6501 22.9542 4.89593 22.8625 5.1376C22.7708 5.37926 22.625 5.6001 22.425 5.8001L13.25 15.0001H9ZM11 13.0001H12.4L18.2 7.2001L17.5 6.5001L16.775 5.8001L11 11.5751V13.0001Z\" fill=\"#4CAF50\"><\/path><\/g><\/svg><span class=\"box-label\">Note<\/span><\/div><div class=\"box-content\">\n<p>Make sure you put straight quotes instead of curly ones, or it won\u2019t work.<\/p>\n<\/div><\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>ACS URL: <\/strong>Copy\/paste <strong>Reply URL <\/strong>from Clockify, e.g. <a href=\"https:\/\/global.api.clockify.me\/auth\/saml2\">https:\/\/global.api.clockify.me\/auth\/saml2<\/a><\/li>\n<\/ul>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li class=\"translation-block\">In <strong>User attribute mapping<\/strong> add attributes mapping <strong>Service Provider Attribute Name<\/strong> to <strong>JumpCloud Attribute Name<\/strong>\u00a0<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Activate<\/strong><\/li>\n\n\n\n<li>Open the application you created<\/li>\n\n\n\n<li class=\"translation-block\">Click on <strong>IDP Certificate Valid<\/strong> on the left and download the certificate<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Save<\/strong><\/li>\n<\/ol>\n\n\n\n<p>You\u2019ve successfully created your application in JumpCloud. Now you can decide which users from your JumpCloud account will be able to access Clockify and finish the configuration in Clockify.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"32-step-4-finish-sso-configuration-in-clockify\">Step 4: Finish SSO configuration in Clockify<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Navigate back to Clockify<\/li>\n\n\n\n<li class=\"translation-block\">In <strong>SAML2 authentication<\/strong> form enter the following information:<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>IdP Entity ID<\/strong>: e.g. <a href=\"https:\/\/yourcompanysubdomain.clockify.me\">https:\/\/yourcompanysubdomain.clockify.me<\/a><\/li>\n\n\n\n<li class=\"translation-block\"><strong>Metadata Url<\/strong>: Upload IdP Metadata XML file you downloaded in Step 3<\/li>\n\n\n\n<li class=\"translation-block\"><strong>IdP Url<\/strong>: Copy\/paste IDP URL from JumpCloud<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Advanced<\/strong>: Copy\/paste IDP Certificate from JumpCloud<\/li>\n<\/ul>\n\n\n\n<p class=\"tip, translation-block\">After entering all required data, you can choose to verify your configuration by clicking the <strong>Test configuration<\/strong> button. This action ensures the accuracy of the provided information. If everything is correct, the <strong>Test configuration<\/strong> button will be replaced with a <strong>Finish configuration<\/strong> button.<\/p>\n\n\n\n<p class=\"translation-block\">Click <strong>Finish configuration<\/strong> to complete the process and enable <strong>Log in with SAML2<\/strong>. Optionally, disable <strong>Log in with email and password<\/strong>.<\/p>\n\n\n\t\t\t<a id=\"ub-expand-toggle-full-9bc91f80-7186-4168-8618-cb4613d3f37e\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"true\" aria-controls=\"ub-expand-full-9bc91f80-7186-4168-8618-cb4613d3f37e\" tabindex=\"0\">\n\t\t\t\tshow less\n\t\t\t<\/a>\n\t\t<\/div>\n<\/div>\n\n<div class=\"wp-block-ub-expand ub-expand\" id=\"ub-expand-820e4172-0eb1-40d8-b4b9-ca04e328b57a\" data-scroll-type=\"false\" data-scroll-amount=\"\" data-scroll-target=\"\">\n<div class=\"ub-expand-portion ub-expand-partial wp-block-ub-expand-portion\" id=\"ub-expand-partial-8a196d6a-35d4-4327-a6be-88b617273f43\" aria-hidden=\"false\">\n\t\t\t\n\n<h2 class=\"wp-block-heading\" id=\"33-oauth-20-oidc-with-google\">OAuth 2.0 (OIDC) with Google<\/h2>\n\n\n\t\t\t<a id=\"ub-expand-toggle-partial-8a196d6a-35d4-4327-a6be-88b617273f43\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"false\" aria-controls=\"ub-expand-full-8a196d6a-35d4-4327-a6be-88b617273f43\" tabindex=\"0\">\n\t\t\t\tshow more\n\t\t\t<\/a>\n\t\t<\/div>\n\n<div class=\"ub-expand-portion ub-expand-full ub-hide wp-block-ub-expand-portion\" id=\"ub-expand-full-8a196d6a-35d4-4327-a6be-88b617273f43\" aria-hidden=\"true\">\n\t\t\t\n\n<p>Once you move to subdomain, the default Google login will stop working and you&#8217;ll have to configure it manually to continue using it. <\/p>\n\n\n\n<p>Setting up Google login is quick and easy. <\/p>\n\n\n\n<p class=\"translation-block\">You need to have a <strong>G Suite<\/strong> or <strong>Cloud Identity<\/strong> account in order to do this. <\/p>\n\n\n\n<p class=\"translation-block\">You need to <a href=\"https:\/\/support.google.com\/cloud\/answer\/6158849?ref_topic=6262490\">Set up OAuth 2.0<\/a> in your Google account, create a project and get OAuth 2.0 client ID for a web application.<\/p>\n\n\n\n<p class=\"translation-block\">In <strong>Google Cloud Platform<\/strong> navigate to <strong>API &amp; Services<\/strong> and choose <strong>Credentials<\/strong>. Open the project\/application you&#8217;ve created and paste <strong>https:\/\/yourclockifysubdomain.clockify.me\/login<\/strong> under the <strong>Authorized redirect URIs<\/strong>. <\/p>\n\n\n\n<p>You should also add then following URIs in order for the OAuth login to work on Clockify mobile apps: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>https:\/\/yourcompanysubdomain.clockify.me\/login<\/li>\n\n\n\n<li>https:\/\/yourcompanysubdomain.clockify.me\/login\/android\/oauth2<\/li>\n\n\n\n<li>https:\/\/yourcompanysubdomain.clockify.me\/login\/ios\/oauth2<\/li>\n<\/ul>\n\n\n\n<p>If you&#8217;re using one of the regional servers for hosting, please note that the URIs for workspaces that are on subdomain won&#8217;t contain the indicator of the region in question, although they are hosted on a regional server. <\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">In Clockify, go to <strong>Authentication<\/strong> tab<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Add SSO Configuration<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>OAuth2<\/strong> authentication type<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Google<\/strong> in <strong>IdP Templates<\/strong> modal<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Next<\/strong>  <\/li>\n\n\n\n<li class=\"translation-block\">Copy\/paste <strong>Client ID<\/strong> and <strong>Client Secret<\/strong> from your <strong>Google app<\/strong> as seen in the example below (fields in the <strong>Advanced <\/strong>section will be pre-populated)<\/li>\n<\/ol>\n\n\n\n<p>Your screen in Clockify should look something like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"994\" height=\"830\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_with_goodle_1.png\" alt=\"\" class=\"wp-image-18741\" style=\"width:366px;height:auto\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_with_goodle_1.png 994w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_with_goodle_1-300x251.png 300w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_with_goodle_1-768x641.png 768w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_with_goodle_1-14x12.png 14w\" sizes=\"auto, (max-width: 994px) 100vw, 994px\" \/><\/figure>\n\n\n\n<p>and<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"373\" height=\"939\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_with_google_2.png\" alt=\"\" class=\"wp-image-18742\" style=\"width:366px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_with_google_2.png 373w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_with_google_2-119x300.png 119w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_with_google_2-5x12.png 5w\" sizes=\"auto, (max-width: 373px) 100vw, 373px\" \/><\/figure>\n\n\n\n<p class=\"translation-block\">After entering all required data, you can choose to verify your configuration by clicking the <strong>Test configuration<\/strong> button. This action ensures the accuracy of the provided information. If everything is correct, the <strong>Test configuration<\/strong> button will be replaced with a <strong>Finish configuration<\/strong> button.<\/p>\n\n\n\n<p class=\"translation-block\">Click <strong>Finish configuration<\/strong> to complete the process. Check the<strong>Log in with OAuth <\/strong>checkbox to start using Google login. Optionally, you can force everyone to use your company&#8217;s Google identity for logging in by disabling <strong>Log in with email and password<\/strong>.<\/p>\n\n\n\t\t\t<a id=\"ub-expand-toggle-full-8a196d6a-35d4-4327-a6be-88b617273f43\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"true\" aria-controls=\"ub-expand-full-8a196d6a-35d4-4327-a6be-88b617273f43\" tabindex=\"0\">\n\t\t\t\tshow less\n\t\t\t<\/a>\n\t\t<\/div>\n<\/div>\n\n\t\t\t<a id=\"ub-expand-toggle-partial-52bc9a15-1384-41cd-bada-f4e8cfde9e95\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"false\" aria-controls=\"ub-expand-full-52bc9a15-1384-41cd-bada-f4e8cfde9e95\" tabindex=\"0\">\n\t\t\t\t\n\t\t\t<\/a>\n\t\t<\/div>\n\n<div class=\"ub-expand-portion ub-expand-full ub-hide wp-block-ub-expand-portion\" id=\"ub-expand-full-52bc9a15-1384-41cd-bada-f4e8cfde9e95\" aria-hidden=\"true\">\n\t\t\t\n\n<ol class=\"wp-block-list\">\n<li>\n<\/li><\/ol>\n\n\n\t\t\t<a id=\"ub-expand-toggle-full-52bc9a15-1384-41cd-bada-f4e8cfde9e95\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"true\" aria-controls=\"ub-expand-full-52bc9a15-1384-41cd-bada-f4e8cfde9e95\" tabindex=\"0\">\n\t\t\t\t\n\t\t\t<\/a>\n\t\t<\/div>\n<\/div>\n\n<div class=\"wp-block-ub-expand ub-expand\" id=\"ub-expand-4cf35aa0-2338-4755-a498-85c143249617\" data-scroll-type=\"false\" data-scroll-amount=\"\" data-scroll-target=\"\">\n<div class=\"ub-expand-portion ub-expand-partial wp-block-ub-expand-portion\" id=\"ub-expand-partial-e9905068-5e12-46f7-a1b2-093e4dd10454\" aria-hidden=\"false\">\n\t\t\t\n\n<h2 class=\"wp-block-heading\" id=\"34-oauth-20-oidc-with-microsoft-azure\">OAuth 2.0 (OIDC) with Microsoft Azure<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"ratio ratio-16x9\"><iframe loading=\"lazy\" title=\"Setting up Azure SSO (OAuth 2.0) in Clockify\" width=\"800\" height=\"450\" src=\"https:\/\/www.youtube.com\/embed\/ap32vV3Ushg?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/div><figcaption class=\"wp-element-caption\">User interface displayed in this video may not correspond to the latest version of the app.<\/figcaption><\/figure>\n\n\n\t\t\t<a id=\"ub-expand-toggle-partial-e9905068-5e12-46f7-a1b2-093e4dd10454\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"false\" aria-controls=\"ub-expand-full-e9905068-5e12-46f7-a1b2-093e4dd10454\" tabindex=\"0\">\n\t\t\t\tshow more<br><br>\n\t\t\t<\/a>\n\t\t<\/div>\n\n<div class=\"ub-expand-portion ub-expand-full ub-hide wp-block-ub-expand-portion\" id=\"ub-expand-full-e9905068-5e12-46f7-a1b2-093e4dd10454\" aria-hidden=\"true\">\n\t\t\t\n\n<p>You can connect Azure to Clockify by setting up OAuth.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"35-step-1-create-subdomain-in-clockify\">Step 1: Create subdomain in Clockify<\/h3>\n\n\n\n<p class=\"translation-block\">For more information on this, check out\u00a0<a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#setting-up-custom-subdomain\">Setting up custom subdomain<\/a>\u00a0section.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"36-step-2-add-sso-configuration-in-clockify\">Step 2: Add SSO configuration in Clockify<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Click <strong>Add SSO Configuration<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>OAuth2<\/strong> as authentication type<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Azure<\/strong> in <strong>IdP Templates<\/strong> modal<\/li>\n\n\n\n<li class=\"translation-block\">Copy <strong>Redirect URL<\/strong><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"37-step-3-register-application-in-azuread\">Step 3: Register application in AzureAD<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Navigate to <strong>App registrations<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>New Registration<\/strong><\/li>\n\n\n\n<li>Enter the following information:\n<ul class=\"wp-block-list\">\n<li>Info:\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Name<\/strong>: Clockify<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Supported account types<\/strong>: Choose what you prefer; in our case it&#8217;s <strong>Accounts in this organizational directory only<\/strong> (<strong>Default Directory only &#8211; Single tenant<\/strong>)<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Redirect URI<\/strong>: Paste <strong>Redirect URL<\/strong> you copied from Step 2; https:\/\/yourcompanysubdomain.clockify.me\/login (it can also be: https:\/\/yourcompanysubdomain.clockify.me\/login\/ios\/oauth2 or https:\/\/yourcompanysubdomain.clockify.me\/login\/android\/oauth2) and click <strong>Register<\/strong> to continue<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\">Or, if you&#8217;re using one of the regional servers, you should add one of the <a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#regional-redirection\">regional URLs<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"38-step-4-configure-clockify-amp-azure\">Step 4: Configure (Clockify &amp; Azure)<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"39-configure-azuread-\">Configure AzureAD:\u00a0<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Certificates &amp; Secrets<\/strong>:\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\">Choose <strong>New client secret<\/strong>\n<ul class=\"wp-block-list\">\n<li>Description: Clockify <\/li>\n\n\n\n<li>Expires: Never <\/li>\n<\/ul>\n<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Add<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Client Secret<\/strong>: Copy\/paste the value of this client secret <\/li>\n\n\n\n<li><strong>API permissions<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Add a permission\n<ul class=\"wp-block-list\">\n<li>Microsoft Graph <\/li>\n\n\n\n<li class=\"translation-block\">Check openid in <strong>Delegated permissions<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Add permissions (you can also check other permissions such as <strong>email<\/strong> and <strong>profile<\/strong>)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Refresh the page<\/li>\n\n\n\n<li class=\"translation-block\">Go back to <strong>Overview<\/strong><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"40-configure-clockify\">Configure Clockify:<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OAuth2 authentication<\/strong>:\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Client Id<\/strong>: Go to Azure &#8212; Overview &#8212; Application (client) ID: copy the value and paste it back in Clockify<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Client Secret<\/strong>: this should already be pasted from previous steps (Certificates &amp; Secrets)<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Directory (tenant) ID<\/strong>: Go to Azure &#8212; Overview &#8212; Directory (tenant) ID copy the value and paste it back in Clockify<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p class=\"translation-block\">Fields in the <strong>Advanced<\/strong> section will be pre-populated.<\/p>\n\n\n\n<p>Your screen in Clockify should look something like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"996\" height=\"992\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_azure_1.png\" alt=\"\" class=\"wp-image-18743\" style=\"width:366px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_azure_1.png 996w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_azure_1-300x300.png 300w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_azure_1-150x150.png 150w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_azure_1-768x765.png 768w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_azure_1-12x12.png 12w\" sizes=\"auto, (max-width: 996px) 100vw, 996px\" \/><\/figure>\n\n\n\n<p>and<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"373\" height=\"938\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_azure_2.png\" alt=\"\" class=\"wp-image-18744\" style=\"width:366px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_azure_2.png 373w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_azure_2-119x300.png 119w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/oauth_azure_2-5x12.png 5w\" sizes=\"auto, (max-width: 373px) 100vw, 373px\" \/><\/figure>\n\n\n\n<p class=\"tip, translation-block\">After entering all required data, you can choose to verify your configuration by clicking the <strong>Test configuration<\/strong> button. This action ensures the accuracy of the provided information. If everything is correct, the <strong>Test configuration<\/strong> button will be replaced with a <strong>Finish configuration<\/strong> button.<\/p>\n\n\n\n<p class=\"translation-block\">Click <strong>Finish configuration<\/strong> to complete the process. Check the<strong> Log in with OAuth <\/strong>checkbox (and optionally disable <strong>Log in with email and password<\/strong>).<\/p>\n\n\n\n<p class=\"translation-block\">Alternatively, you can connect Azure using the SAML2 authentication protocol, first by\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/enterprise-apps\/add-application-portal\">adding an unlisted (non-gallery) application<\/a>\u00a0to your Azure AD organization and then\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/manage-apps\/configure-single-sign-on-non-gallery-applications\">configuring SAML-based single sign-on<\/a>\u00a0to this non-gallery application.<\/p>\n\n\n\t\t\t<a id=\"ub-expand-toggle-full-e9905068-5e12-46f7-a1b2-093e4dd10454\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"true\" aria-controls=\"ub-expand-full-e9905068-5e12-46f7-a1b2-093e4dd10454\" tabindex=\"0\">\n\t\t\t\tshow less\n\t\t\t<\/a>\n\t\t<\/div>\n<\/div>\n\n<div class=\"wp-block-ub-expand ub-expand\" id=\"ub-expand-c060f0ac-f8b6-4a44-872d-19b6f1cca5b1\" data-scroll-type=\"false\" data-scroll-amount=\"\" data-scroll-target=\"\">\n<div class=\"ub-expand-portion ub-expand-partial wp-block-ub-expand-portion\" id=\"ub-expand-partial-364c2af7-9b4f-4dcd-8b4f-54dc9d661285\" aria-hidden=\"false\">\n\t\t\t\n\n<h2 class=\"wp-block-heading\" id=\"41-saml-20-with-microsoft-azure\">SAML 2.0 with Microsoft Azure<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"ratio ratio-16x9\"><iframe loading=\"lazy\" title=\"Setting up Azure SSO (SAML 2.0) in Clockify\" width=\"800\" height=\"450\" src=\"https:\/\/www.youtube.com\/embed\/sC5vgPnRRPs?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/div><figcaption class=\"wp-element-caption\">User interface displayed in this video may not correspond to the latest version of the app.<\/figcaption><\/figure>\n\n\n\t\t\t<a id=\"ub-expand-toggle-partial-364c2af7-9b4f-4dcd-8b4f-54dc9d661285\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"false\" aria-controls=\"ub-expand-full-364c2af7-9b4f-4dcd-8b4f-54dc9d661285\" tabindex=\"0\">\n\t\t\t\tshow more<br><br>\n\t\t\t<\/a>\n\t\t<\/div>\n\n<div class=\"ub-expand-portion ub-expand-full ub-hide wp-block-ub-expand-portion\" id=\"ub-expand-full-364c2af7-9b4f-4dcd-8b4f-54dc9d661285\" aria-hidden=\"true\">\n\t\t\t\n\n<h3 class=\"wp-block-heading\" id=\"42-step-1-create-subdomain-in-clockify\">Step 1: Create subdomain in Clockify<\/h3>\n\n\n\n<p class=\"translation-block\">For more information on this, check out\u00a0<a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#setting-up-custom-subdomain\">Setting up custom subdomain<\/a>\u00a0section.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"43-step-2-add-application-in-azure\">Step 2: Add application in Azure<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Navigate to <strong>Enterprise Applications<\/strong><\/li>\n\n\n\n<li class=\"translation-block\"><strong>New application<\/strong> (then make sure you&#8217;re on the new gallery view) <\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Create your own application<\/strong><\/li>\n\n\n\n<li>Enter the following:\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\">Name: <strong>Clockify<\/strong><\/li>\n\n\n\n<li>Integrate any other application you don&#8217;t find in the gallery<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\">Click <strong>Create<\/strong> and navigate to <strong>Properties <\/strong>and fill out the fields:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\">Logo: e.g. upload Clockify logo <\/li>\n\n\n\n<li class=\"translation-block\">Optionally change <strong>User assignment required<\/strong> and <strong>Visible to users<\/strong> if necessary<\/li>\n<\/ul>\n\n\n\n<p class=\"translation-block\">Click <strong>Save <\/strong>to complete the process.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"44-step-3-clockify\">Step 3: Clockify<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Click <strong>Add SSO Configuration<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>SAML2<\/strong> as authentication type<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Next<\/strong><\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\">Once you get the <strong>SAML2 authentication<\/strong> template, go back to Azure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"45-step-4-azure-sso-configuration\">Step 4: Azure SSO configuration<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Navigate to <strong>Single sign-on<\/strong> in the sidebar<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>SAML<\/strong><\/li>\n\n\n\n<li class=\"translation-block\"><strong>Basic SAML Configuration<\/strong> (click the pencil to edit):\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Identifier<\/strong> (<strong>Entity ID<\/strong>): This is where you put your subdomain address, e.g. https:\/\/yourcompanysubdomain.clockify.me\/<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Reply URL<\/strong> (<strong>Assertion Consumer Service URL<\/strong>): go back to Clockify and copy pre-generated <strong>Reply URL<\/strong>, e.g. https:\/\/global.api.clockify.me\/auth\/saml2<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\">Click <strong>Save <\/strong>and continue with <strong>SAML Certificate<\/strong>: (click the pencil to edit):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>New certificate <\/li>\n<\/ul>\n\n\n\n<p class=\"translation-block\">Save the changes and click <strong>the 3 dots<\/strong> on the <strong>Inactive<\/strong> certificate, choose <strong>Make certificate active<\/strong> and click <strong>Yes<\/strong>.<\/p>\n\n\n\n<p>Now, reload the page to see the changes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"46-step-5-clockify\">Step 5: Clockify<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Entity Id<\/strong>: (this is where you put your subdomain address, in our case it&#8217;s https:\/\/yourcompanysubdomain.clockify.me\/)<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Federation Metadata<\/strong>: Navigate to Azure, under <strong>SAML Certificates<\/strong> copy\/paste <strong>App Federation Metadata Url<\/strong> in Clockify<\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\"><strong>Login Url<\/strong>: Navigate to Azure, under <strong>Set up Clockify<\/strong> find <strong>Login URL<\/strong> and copy\/paste it in Clockify<\/p>\n\n\n\n<p>Your screen should look like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"498\" height=\"913\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-10.40.06.png\" alt=\"\" class=\"wp-image-18745\" style=\"width:366px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-10.40.06.png 498w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-10.40.06-164x300.png 164w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-10.40.06-7x12.png 7w\" sizes=\"auto, (max-width: 498px) 100vw, 498px\" \/><\/figure>\n\n\n\n<p>and like this: <\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"498\" height=\"475\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-10.40.28.png\" alt=\"\" class=\"wp-image-18746\" style=\"width:366px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-10.40.28.png 498w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-10.40.28-300x286.png 300w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2024\/06\/Screenshot-2024-06-13-at-10.40.28-13x12.png 13w\" sizes=\"auto, (max-width: 498px) 100vw, 498px\" \/><\/figure>\n\n\n\n<p class=\"tip, translation-block\">After entering all required data, you can choose to verify your configuration by clicking the <strong>Test configuration<\/strong> button. This action ensures the accuracy of the provided information. If everything is correct, the <strong>Test configuration<\/strong> button will be replaced with a <strong>Finish configuration<\/strong> button.<\/p>\n\n\n\n<p class=\"translation-block\">Click <strong>Finish configuration<\/strong> and enable <strong>Log in with SAML2<\/strong> (and optionally disable <strong>Log in with email and password<\/strong>).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"47-step-6-assign-application-in-azure\">Step 6: Assign application in Azure<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Navigate to <strong>Users and Groups<\/strong> in the sidebar (where you choose which users from your Azure account will be able to access Clockify)<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Add user<\/strong>\/group <\/li>\n\n\n\n<li>In <strong>Users and groups<\/strong> choose users you want <\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Select<\/strong> and <strong>Assign<\/strong><\/li>\n<\/ol>\n\n\n\t\t\t<a id=\"ub-expand-toggle-full-364c2af7-9b4f-4dcd-8b4f-54dc9d661285\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"true\" aria-controls=\"ub-expand-full-364c2af7-9b4f-4dcd-8b4f-54dc9d661285\" tabindex=\"0\">\n\t\t\t\tshow less\n\t\t\t<\/a>\n\t\t<\/div>\n<\/div>\n\n<div class=\"wp-block-ub-expand ub-expand\" id=\"ub-expand-29eff6d7-df00-4944-b645-26e29c468c68\" data-scroll-type=\"false\" data-scroll-amount=\"\" data-scroll-target=\"\">\n<div class=\"ub-expand-portion ub-expand-partial wp-block-ub-expand-portion\" id=\"ub-expand-partial-6e485f6b-3df3-48b0-af12-837148148889\" aria-hidden=\"false\">\n\t\t\t\n\n<h2 class=\"wp-block-heading\" id=\"48-oauth-20-oidc-with-okta\">OAuth 2.0 (OIDC) with Okta<\/h2>\n\n\n\t\t\t<a id=\"ub-expand-toggle-partial-6e485f6b-3df3-48b0-af12-837148148889\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"false\" aria-controls=\"ub-expand-full-6e485f6b-3df3-48b0-af12-837148148889\" tabindex=\"0\">\n\t\t\t\tshow more\n\t\t\t<\/a>\n\t\t<\/div>\n\n<div class=\"ub-expand-portion ub-expand-full ub-hide wp-block-ub-expand-portion\" id=\"ub-expand-full-6e485f6b-3df3-48b0-af12-837148148889\" aria-hidden=\"true\">\n\t\t\t\n\n<h3 class=\"wp-block-heading\" id=\"49-step-1-create-subdomain-in-clockify\">Step 1: Create subdomain in Clockify<\/h3>\n\n\n\n<p class=\"translation-block\">For more information on this, check out\u00a0<a href=\"https:\/\/clockify.me\/help\/getting-started\/single-sign-on-sso#setting-up-custom-subdomain\">Setting up custom subdomain<\/a>\u00a0section.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"50-step-2-create-application-in-okta\">Step 2: Create application in Okta<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Navigate to <strong>Applications<\/strong> in the sidebar<\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Create App Integration<\/strong> button <\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>OIDC &#8211; OpenID Connect<\/strong> in <strong>Sign-in<\/strong> <strong>method<\/strong> section<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Web application<\/strong> in <strong>Application type<\/strong> section <\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Next<\/strong><\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"51-create-oidc-integration\">Create OIDC Integration<\/h4>\n\n\n\n<p class=\"translation-block\">In <strong>New Web App Integration<\/strong>, <strong>General Settings<\/strong> form enter the following information and click <strong>Save<\/strong>.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>App integration name:<\/strong> e.g. Clockify <\/li>\n\n\n\n<li class=\"translation-block\"><strong>Logo<\/strong> (optional): e.g. upload Clockify logo <\/li>\n\n\n\n<li class=\"translation-block\"><strong>Sign-in redirect URIs<\/strong>: Copy\/paste URL from <strong>Redirect URL<\/strong> (<strong>Advanced<\/strong> section) in Clockify SSO configuration<\/li>\n<\/ol>\n\n\n\n<p>You should also add the following URIs in order for the OAuth 2.0 (OIDC) login to work on Clockify mobile apps:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>https:\/\/yourcompanysubdomain.clockify.me\/login\/android\/oauth2<\/li>\n\n\n\n<li>https:\/\/yourcompanysubdomain.clockify.me\/login\/ios\/oauth2<\/li>\n<\/ul>\n\n\n\n<p class=\"translation-block\">or, if you&#8217;re using one of the regional servers, you should add one of the <a href=\"https:\/\/clockify.me\/help\/getting-started\/data-regions\">regional URLs<\/a>.<\/p>\n\n\n\n<p class=\"translation-block\">Then, scroll down and in the <strong>Assignments<\/strong> section check <strong>Allow everyone in your organization to access<\/strong> option. Click <strong>Save<\/strong> to complete the action. <\/p>\n\n\n\n<p>You should get the screen that looks like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"743\" height=\"878\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_7_blur.png\" alt=\"\" class=\"wp-image-9014\" style=\"width:557px;height:659px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_7_blur.png 743w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_7_blur-254x300.png 254w\" sizes=\"auto, (max-width: 743px) 100vw, 743px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"52-step-3-add-sso-configuration-in-clockify\">Step 3: Add SSO configuration in Clockify<\/h3>\n\n\n\n<p class=\"translation-block\">Now, in Clockify, in <strong>Authentication<\/strong> screen where you created your subdomain:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Click <strong>Add SSO Configuration<\/strong> at the bottom of the screen<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>OAuth2<\/strong> as authentication type<\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Okta<\/strong> as <strong>IdP Template<\/strong><\/li>\n\n\n\n<li class=\"translation-block\">Click <strong>Next<\/strong><\/li>\n<\/ol>\n\n\n\n<p>In OAuth 2.0 (OIDC) authentication form enter the following information:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Client ID<\/strong>: Generated in Okta in the previous step; copy it from the <strong>Client Credentials <\/strong>section<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Client Secret<\/strong>: Same as Client ID; copy it from the <strong>Client Credentials<\/strong> section<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Okta Domain<\/strong>: Copy it from Okta, <strong>General Settings<\/strong>, <strong>Okta domain<\/strong> field (Note: Okta Domain requires a <strong>domain name only<\/strong>, for example: doamin_name.okta.com instead of: https:\/\/domain_name.okta.com)<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Logout Url<\/strong>: Optionally add a logout URL to set up redirection after logging out<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Advanced<\/strong> section is pre-populated (automatically generated)<\/li>\n<\/ul>\n\n\n\n<p>The screen should look something like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"496\" height=\"984\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/sso_oauth_sample_url-1-1.png\" alt=\"\" class=\"wp-image-21894\" style=\"width:366px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/sso_oauth_sample_url-1-1.png 496w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/sso_oauth_sample_url-1-1-151x300.png 151w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/sso_oauth_sample_url-1-1-6x12.png 6w\" sizes=\"auto, (max-width: 496px) 100vw, 496px\" \/><\/figure>\n\n\n\n<p>and<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"497\" height=\"775\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2025-02-05-at-16.48.59.png\" alt=\"\" class=\"wp-image-21898\" style=\"width:366px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2025-02-05-at-16.48.59.png 497w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2025-02-05-at-16.48.59-192x300.png 192w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/11\/Screenshot-2025-02-05-at-16.48.59-8x12.png 8w\" sizes=\"auto, (max-width: 497px) 100vw, 497px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"53-step-4-assign-application-in-okta\">Step 4: Assign application in Okta<\/h3>\n\n\n\n<p>In Okta:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Navigate to <strong>Applications<\/strong> <\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Clockify <\/strong><\/li>\n\n\n\n<li class=\"translation-block\">In <strong>Assignments<\/strong> tab click <strong>Assign<\/strong> <\/li>\n\n\n\n<li class=\"translation-block\">Choose <strong>Assign to People\/Groups<\/strong> depending on who from your Okta account you&#8217;d like to be able to access Clockify<\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block tip\">After entering all required data, on the Clockify side, you can choose to verify your configuration by clicking the <strong>Test configuration<\/strong> button. This action ensures the accuracy of the provided information. If everything is correct, the <strong>Test configuration<\/strong> button will be replaced with a <strong>Finish configuration<\/strong> button.<\/p>\n\n\n\n<p class=\"translation-block\">Click <strong>Finish configuration<\/strong> to complete the process and enable <strong>Log in with OAuth<\/strong>. Optionally, you can disable <strong>Log in with email and password<\/strong>.<\/p>\n\n\n\n<p>Finally, your screen in Clockify should look something like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"837\" height=\"895\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_blur_33.png\" alt=\"\" class=\"wp-image-9017\" style=\"width:628px;height:671px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_blur_33.png 837w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_blur_33-281x300.png 281w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_blur_33-768x821.png 768w\" sizes=\"auto, (max-width: 837px) 100vw, 837px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"836\" height=\"422\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_34.png\" alt=\"\" class=\"wp-image-9018\" style=\"width:627px;height:317px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_34.png 836w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_34-300x151.png 300w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_34-768x388.png 768w\" sizes=\"auto, (max-width: 836px) 100vw, 836px\" \/><\/figure>\n\n\n\n<p>And that&#8217;s it! Now you, and your workspace users are able to log in to your workspace with OAuth 2.0 (OIDC).<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"308\" height=\"261\" src=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_9.png\" alt=\"\" class=\"wp-image-9024\" style=\"width:366px\" srcset=\"https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_9.png 308w, https:\/\/clockify.me\/help\/wp-content\/uploads\/2022\/04\/image_9-300x254.png 300w\" sizes=\"auto, (max-width: 308px) 100vw, 308px\" \/><\/figure>\n\n\n\t\t\t<a id=\"ub-expand-toggle-full-6e485f6b-3df3-48b0-af12-837148148889\" class=\"ub-expand-toggle-button\" style=\"text-align: left; \" role=\"button\" aria-expanded=\"true\" aria-controls=\"ub-expand-full-6e485f6b-3df3-48b0-af12-837148148889\" tabindex=\"0\">\n\t\t\t\tshow less\n\t\t\t<\/a>\n\t\t<\/div>\n<\/div>\n\n\n<div class=\"wp-block-group related-articles\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<h3 class=\"wp-block-heading\" id=\"54-related-articles\">Related articles<\/h3>\n\n\n\n<ul class=\"wp-block-list related-articles-list\">\n<li class=\"translation-block\"><a href=\"https:\/\/clockify.me\/help\/getting-started\/start-using-clockify\">Start using Clockify<\/a><\/li>\n<\/ul>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"Single Sign-On (SSO) is an authentication method that lets your team log in to C&#8230;","protected":false},"author":25,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_helpful_status":1,"_searchwp_excluded":"","footnotes":""},"categories":[85],"tags":[],"class_list":["post-11098","post","type-post","status-publish","format-standard","hentry","category-advanced-settings"],"acf":[],"featured_image_src":null,"author_info":{"display_name":"tamara radijevac","author_link":"https:\/\/clockify.me\/help\/fr\/author\/tamara-radijevac"},"_links":{"self":[{"href":"https:\/\/clockify.me\/help\/fr\/wp-json\/wp\/v2\/posts\/11098","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/clockify.me\/help\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/clockify.me\/help\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/clockify.me\/help\/fr\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/clockify.me\/help\/fr\/wp-json\/wp\/v2\/comments?post=11098"}],"version-history":[{"count":401,"href":"https:\/\/clockify.me\/help\/fr\/wp-json\/wp\/v2\/posts\/11098\/revisions"}],"predecessor-version":[{"id":30382,"href":"https:\/\/clockify.me\/help\/fr\/wp-json\/wp\/v2\/posts\/11098\/revisions\/30382"}],"wp:attachment":[{"href":"https:\/\/clockify.me\/help\/fr\/wp-json\/wp\/v2\/media?parent=11098"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/clockify.me\/help\/fr\/wp-json\/wp\/v2\/categories?post=11098"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/clockify.me\/help\/fr\/wp-json\/wp\/v2\/tags?post=11098"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}