Configuring single sign-on (SSO) with OneLogin

For partners subscribed to Enterprise plans.

In this article, you'll learn how to configure SSO on your IT Glue account using OneLogin.

Note: These instructions refer to OneLogin but you can use any SSO provider that supports SAML 2.0 or configure your own solution. For more information, refer to our main SAML topic.

Prerequisites

  • Administrator level access to IT Glue.
  • Ensure your users are provisioned in OneLogin, with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.
  • Before turning this feature on, sign in to IT Glue twice - once in a regular browser window and once in a incognito/private window. This is to ensure that you are still signed in to your account if you get locked out of your account in the other window.

Instructions

Configuring OneLogin

OneLogin for IT Glue works the way it does for other sites and apps. In other words, a user signs in once to have automatic access to IT Glue and many other applications such as email, your CRM, and so on without having to sign in separately to those services.

  1. In OneLogin, go to Add Apps page and search for and click on IT Glue.
  2. Click Save to add the app to your Company Apps and display additional configuration tabs.
  3. On the Configuration tab, enter your IT Glue subdomain in the field provided. For example, if your IT Glue account URL is "mycompany.itglue.com, then you would enter mycompany.

  4. On the SSO tab, copy the three URLs (Issuer, SAML 2.0 Endpoint, SLO Endpoint) that are displayed on this screen.

  5. Next, click on View Details which appears under the X.509 Certificate field. On this page, copy the SHA-1 Fingerprint string and the X.509 Certificate.

Important. It's highly recommended that before you begin these next instructions, you sign in to your IT Glue account twice - once in a regular browser window and once in a incognito/private window (or just sign in to two separate browsers).

Configuring IT Glue

  1. From Account > Settings, click the Authentication tab.
  2. Use the on/off button to turn on SAML SSO.
  3. Enter the information copied from OneLogin in the fields provided.

    Configuring_OneLogin_SSO.png

  4. Click Save.
    Warning. Click Save only when all information has been entered. If you turn on SSO prematurely, it will break the sign-in experience for all users on your account.

Once you make this change, you can test your access.

Testing SSO authentication

Before you configured SSO, you should have created two IT Glue browser sessions. If you get locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.

To make sure SSO is working, perform these steps:

  1. Sign out of and close any OneLogin browser sessions you have open.
  2. In a new browser session, navigate to your IT Glue account subdomain (mycompany.itglue.com) directly. This should redirect you to the identity provider.
  3. Enter your SSO credentials.

After entering your credentials, you should be redirected and signed in to IT Glue.

Troubleshooting an email mismatch

If you have been using OneLogin for some time, your IT Glue account admin email may not match your OneLogin admin email. This can be remedied by doing the following:

  1. In OneLogin, go to Users > Account_Owner.
  2. Select the Applications tab.
  3. Select IT Glue to open the Edit Login pane.

Here you can overwrite the default fields for your IT Glue login and insert the correct information to match your OneLogin credentials with your IT Glue credentials.

Common Questions

When the SSO server is unavailable, how do we access our accounts?

If the SSO server you specified is unavailable for any reason while you're trying to sign in, authentication will fail. Send us an email for assistance.

How do we disable SSO for a user?

If a member has left your team, and you’d like to disable their user account, an Administrator or Manager will need to delete their account from the Account > Users page in IT Glue. We don't currently support disabling user accounts through the SSO server.

Was this article helpful?
1 out of 1 found this helpful