Adding IT Glue

 To configure IT Glue in the Single Sign On Manager please follow these steps

  1. Select Directory Manager.
  2. Select Groups.
  3. Select the green plus sign in the bottom right corner.
  4. Name the Group IT Glue Users.
    Note: If you have other existing Groups for SSO users you can use one of these as well.
  5. Select ADD GROUP.
  6. Select SSO Manager.
  7. Select the green plus sign in the bottom right corner.
  8. Select the Catalog Icon.
  9. Select IT Glue from catalog.
  10. Select Application is enabled.
  11. Select Protocol configuration. Update the following.
    Assertion Consumer Service URL: https://domain.itglue.com/saml/consume
    Service Entity IR (Issuer)https://domain.itglue.com
    Audience URIhttps://domain.itglue.com (Select Add)
    Select Remove on https://domain.itglue.com that was displayed automatically.

    Note
    : Replace domain with your own base URL for your IT Glue instance for all of the above.


  12. Select Add Application.
  13. Select Signing and Encryption.
  14. Select Copy.
  15. Copy the certificate thumbprint as you will need this to configure the IT Glue instance.
  16. Select Permissions.
  17. Select Add Groups.
    Select the Group you chose in Step 4.
  18. Select Save Changes.

 

Configuring IT Glue to accept SAML authentication

 

 

  1. From Account > Settings, scroll down to Single Sign On and click Enable SAML SSO.

  2. Enter the information copied from AAoD in the text boxes provided:
    • Issuer URL: Issuer URL 
    • SSO Endpoint: SAML2.0 Endpoint (HTTP) URL 
    • SLO Endpoint: SLO Endpoint (HTTP) URL 
    • Fingerprint: SHA Fingerprint 
    • Certificate: X.509 Certificate
  3. Click Save
    Click Save only if you have AAoD ready to go. If you enable SSO prematurely, it will break the sign in experience for all users on your account.


Once you make this change, users will be required to sign in with AAoD when visiting your account subdomain (mycompany.itglue.com) if they're not already authenticated.

 

 

Common Questions

How does SSO sign me in?

Whenever IT Glue (mycompany.itglue.com) or one of your other apps or sites wants to authenticate you via SSO, they'll redirect you to the authentication domain (AAoD). If you are not signed in, you can sign in using your AAoD credentials. But if you're already signed in, you won't need to sign in again. You are immediately redirected back to the target site (e.g. IT Glue) with the necessary authentication token. This token is used by the target site's server to verify that you are authenticated with the authentication server.

Signing in to IT Glue using SAML (technical view)




What information do I need to enter if I use a different SAML identity provider?

If you configure your own solution, you will need to enter the following information:

  • Issuer URL - the URL that uniquely identifies your SAML identity provider
  • SSO Endpoint - the SAML login URL of the SAML server
  • SLO Endpoint - a URL where IT Glue can redirect users after they sign out of IT Glue (optional)
  • Fingerprint - the appropriate value based on the information provided by your identity provider
  • Certificate - the authentication certificate issued by your identity provider


When the SSO server is unavailable, how do we access our accounts?

If the SSO server you specified is unavailable for any reason while you're trying to log in, authentication will fail. Send us an email IT Glue directlyfor assistance.


How do we disable SSO for a user?

If a member has left your team, and you’d like to disable their user account, an Admin or Manager will need to delete their account from the Account > Users page in IT Glue. We don't currently support disabling user accounts through the SSO server. 

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.