For partners subscribed to Enterprise plans.
In this article, you'll learn how to configure SSO on your IT Glue account using OneLogin.
- Administrator level access to IT Glue.
- Ensure your users are provisioned in OneLogin, with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.
- Before turning this feature on, log into IT Glue twice - once in a regular browser window and once in a incognito/private window. This is to ensure that you are still logged into your account if you get locked out of your account in the other window.
OneLogin for IT Glue works the way it does for other sites and apps. In other words, a user logs in once to have automatic access to IT Glue and many other applications such as email, your CRM, and so on without having to log in separately to those services.
- In OneLogin, go to Add Apps page and search for and click on IT Glue.
- Click Save to add the app to your Company Apps and display additional configuration tabs.
- On the Configuration tab, enter your IT Glue subdomain in the field provided. For example, if your IT Glue account URL is "mycompany.itglue.com, then you would enter mycompany. If you have an EU-hosted IT Glue account, then you would enter mycompany.eu in the field.
- On the SSO tab, copy the three URLs (Issuer, SAML 2.0 Endpoint, SLO Endpoint) that are displayed on this screen.
- Next, click on View Details which appears under the X.509 Certificate field. On this page, copy the SHA-1 Fingerprint string and the X.509 Certificate.
Configuring IT Glue
After setting up OneLogin, you will need to configure your IT Glue account to authenticate using SAML. You will need a few pieces of information from OneLogin to complete this step.
- Log into IT Glue and click Account from the top navigation bar.
- Click Settings from the sidebar.
- Click on the Authentication tab and then turn on the Enable SAML SSO toggle switch to ON. Once this is turned on, a form will appear. You will need to collect information from OneLogin and enter it into this form.
Important. Ensure there are no extra spaces trailing at the end of the Certificate string (i.e. after -----END CERTIFICATE-----).
- Click Save.
Warning. Click Save only when all information has been entered. If you turn on SSO prematurely, it will break the login experience for all users on your account.
Once you make this change, you can test your access.
Testing SSO authentication
Before you configured SSO, you should have created two IT Glue browser sessions. If you get locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.
To make sure SSO is working, perform these steps:
- Log out of and close any OneLogin browser sessions you have open.
- In a new browser session, navigate to your IT Glue account subdomain (mycompany.itglue.com) directly. This should redirect you to the identity provider.
- Enter your SSO credentials.
After entering your credentials, you should be redirected and logged into IT Glue.
Troubleshooting an email mismatch
If you have been using OneLogin for some time, your IT Glue account admin email may not match your OneLogin admin email. This can be remedied by doing the following:
- In OneLogin, go to Users > Account_Owner.
- Select the Applications tab.
- Select IT Glue to open the Edit Login pane.
Here you can overwrite the default fields for your IT Glue login and insert the correct information to match your OneLogin credentials with your IT Glue credentials.
When the SSO server is unavailable, how do we access our accounts?
If your SSO provider's service is unavailable, you can still login using your IT Glue username and password at app.itglue.com.
If your SSO is not working, confirm your provider's service is available. Send us an email for assistance.
How do we disable SSO for a user?
To disable a user account, an Administrator or a Manager will need to navigate to the Account > Users page in IT Glue. We don’t currently support disabling user accounts through the SSO server.