Follow

Adding IT Glue SAML access in SSO

IT Glue Configuration

Here are the steps to add ITGlue to the AuthAnvil on Premise product:

  1. Log into AuthAnvil 2FA Manager and browse to the Single Sign On tab > Application
  2. Select Add new Application button
  3. Select Add a custom application
  4. Select Add a Customer Application.

  5. Add the Application name IT Glue.

  6. Add the Application to an exiting SSO User Role.
  7. Change Application Image.
    Select Choose File. Upload the IT glue Logo (attached to this article).
  8. Select the Protocol Configuration.

  9. Select IdP-Init from the drop down protocol list
  10. Update the following:
    Reply To URLhttps://(YourCompanyName).itglue.com/saml/consume
    Audience URI: https://(YourCompanyName).itglue.com

    Note: Replace YourCompanyName with your IT GLue instance.
  11. Select Advance Protocol Settings

    and deselect Sign Message.
  12. Select the Attribute Maps 

    Select the edit link beside the current attribute in there
  13. From the drop down,
    Select {User.Email}
    Ensure the Outgoing Claim Type stays   http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

  14. Select the Update Map 

    Once the attribute map has been added. Select Save.
  15. Select Certificate Authority

    Copy the Thumbprint to a notepad document as you will need this to configure ITGlue.

    Select Show Certificate (which will switch to Hide Certificate when selected)

    Copy the encoded certificate to the same note pad keeping it separate from the thumbprint. 

    Note: you’ll want to add a header and footer to the Notepad prior to adding to ITGlue configuration. A sample of how this should be in below:
    -----BEGIN CERTIFICATE-----
    MIICxjCCAa6gAwIBAgKvQHfOBKdMsORuO9zsvTANBgkqhki......
    -----END CERTIFICATE-----

 

Proceed to configure ITGlue's side in accordance to their steps, which may include exporting the certificate from this newly added application.

  1. From Account > Settings, scroll down to Single Sign On and select Enable SAML SSO.

  2. Enter the information copied from AuthAnvil SSO in the text boxes provided:
    • Issuer URL: Issuer URL 
    • SSO Endpoint: SAML2.0 Endpoint (HTTP) URL 
    • SLO Endpoint: SLO Endpoint (HTTP) URL 
    • Fingerprint: SHA Fingerprint 
    • Certificate: X.509 Certificate
  3. Select Save
    Note: Select Save only if you have AuthAnvil SSO ready to go. If you enable SSO prematurely, it will break the sign in experience for all users on your account.

Once you make this change, users will be required to sign in with AuthAnvil SSO when visiting your account subdomain (mycompany.itglue.com) if they're not already authenticated.

Common Questions

How does SSO sign me in?

Whenever IT Glue (mycompany.itglue.com) or one of your other apps or sites wants to authenticate you via SSO, they'll redirect you to the authentication domain (AuthAnvil SSO). If you are not signed in, you can sign in using your AuthAnvil SSO credentials. But if you're already signed in, you won't need to sign in again. You are immediately redirected back to the target site (e.g. IT Glue) with the necessary authentication token. This token is used by the target site's server to verify that you are authenticated with the authentication server.

Signing in to IT Glue using SAML (technical view)




What information do I need to enter if I use a different SAML identity provider?

If you configure your own solution, you will need to enter the following information:

  • Issuer URL - the URL that uniquely identifies your SAML identity provider
  • SSO Endpoint - the SAML login URL of the SAML server
  • SLO Endpoint - a URL where IT Glue can redirect users after they sign out of IT Glue (optional)
  • Fingerprint - the appropriate value based on the information provided by your identity provider
  • Certificate - the authentication certificate issued by your identity provider


When the SSO server is unavailable, how do we access our accounts?

If the SSO server you specified is unavailable for any reason while you're trying to log in, authentication will fail. Send IT Glue IT support an email directly for assistance.


How do we disable SSO for a user?

If a member has left your team, and you’d like to disable their user account, an Admin or Manager will need to delete their account from the Account > Users page in IT Glue. We don't currently support disabling user accounts through the SSO server. 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk