Adding IT Glue

 To configure IT Glue in the Single Sign On Manager please follow these steps

  1. Select Directory Manager.
  2. Select Groups.
  3. Select the green plus sign in the bottom right corner.
  4. Name the Group IT Glue Users.
    Note: If you have other existing Groups for SSO users you can use one of these as well.
  5. Select ADD GROUP.
  6. Select SSO Manager.
  7. Select the green plus sign in the bottom right corner.
  8. Select the Catalog Icon.
  9. Select IT Glue from catalog.
  10. Select Application is enabled.
  11. Select Protocol configuration. Update the following.
    Assertion Consumer Service URL:
    Service Entity IR (Issuer)
    Audience URI (Select Add)
    Select Remove on that was displayed automatically.

    : Replace domain with your own base URL for your IT Glue instance for all of the above.

  12. Select Add Application.
  13. Select Signing and Encryption.
  14. Select Copy.
  15. Copy the certificate thumbprint as you will need this to configure the IT Glue instance.
  16. Select Permissions.
  17. Select Add Groups.
    Select the Group you chose in Step 4.
  18. Select Save Changes.


Configuring IT Glue to accept SAML authentication



  1. From Account > Settings, scroll down to Single Sign On and click Enable SAML SSO.

  2. Enter the information copied from AAoD in the text boxes provided:
    • Issuer URL:Issuer URL https://(Your On-Demand Tenant)/trust
    • SSO Endpoint: SAML2.0 Endpoint (HTTP) URL https://(Your On-Demand Tenant)/signin 
    • SSO Logout Endpoint: SLO Endpoint (HTTP) URL https://(Your On-Demand Tenant)/apps 
      Note: Replace  https://(Your On-Demand Tenant) with your actual tenant URL.
    • Fingerprint: SHA Fingerprint 
    • Certificate: X.509 Certificate
  3. Click Save
    Click Save only if you have AAoD ready to go. If you enable SSO prematurely, it will break the sign in experience for all users on your account.

Once you make this change, users will be required to sign in with AAoD when visiting your account subdomain ( if they're not already authenticated.



Common Questions

How does SSO sign me in?

Whenever IT Glue ( or one of your other apps or sites wants to authenticate you via SSO, they'll redirect you to the authentication domain (AAoD). If you are not signed in, you can sign in using your AAoD credentials. But if you're already signed in, you won't need to sign in again. You are immediately redirected back to the target site (e.g. IT Glue) with the necessary authentication token. This token is used by the target site's server to verify that you are authenticated with the authentication server.

Signing in to IT Glue using SAML (technical view)

What information do I need to enter if I use a different SAML identity provider?

If you configure your own solution, you will need to enter the following information:

  • Issuer URL - the URL that uniquely identifies your SAML identity provider
  • SSO Endpoint - the SAML login URL of the SAML server
  • SLO Endpoint - a URL where IT Glue can redirect users after they sign out of IT Glue (optional)
  • Fingerprint - the appropriate value based on the information provided by your identity provider
  • Certificate - the authentication certificate issued by your identity provider

When the SSO server is unavailable, how do we access our accounts?

If the SSO server you specified is unavailable for any reason while you're trying to log in, authentication will fail. Send us an email IT Glue directlyfor assistance.

How do we disable SSO for a user?

If a member has left your team, and you’d like to disable their user account, an Admin or Manager will need to delete their account from the Account > Users page in IT Glue. We don't currently support disabling user accounts through the SSO server. 


Have more questions? Submit a request


Article is closed for comments.