For partners subscribed to Enterprise plans.
In this article, you'll learn how to configure SSO on your IT Glue account using OneLogin.
- Administrator level access to IT Glue.
- Ensure your users are provisioned in OneLogin, with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.
- Before turning this feature on, log into IT Glue twice - once in a regular browser window and once in a incognito/private window. This is to ensure that you are still logged into your account if you get locked out of your account in the other window.
OneLogin for IT Glue works the way it does for other sites and apps. In other words, a user logs in once to have automatic access to IT Glue and many other applications such as email, your CRM, and so on without having to log in separately to those services.
- In OneLogin, go to Add Apps page and search for and click on IT Glue.
- Click Save to add the app to your Company Apps and display additional configuration tabs.
- On the Configuration tab, enter your IT Glue subdomain in the field provided. For example, if your IT Glue account URL is "mycompany.itglue.com, then you would enter mycompany. If you have an EU-hosted IT Glue account, then you would enter mycompany.eu in the field.
- On the SSO tab, copy the three URLs (Issuer, SAML 2.0 Endpoint, SLO Endpoint) that are displayed on this screen.
- Next, click on View Details which appears under the X.509 Certificate field. On this page, copy the SHA-1 Fingerprint string and the X.509 Certificate.
Configuring IT Glue
- Click Account from the top navigation bar.
- Click Settings from the sidebar.
- Click the Authentication tab.
- Use the on/off button to turn on SAML SSO.
Important. It's highly recommended that before you begin these next instructions, you log into your IT Glue account twice - once in a regular browser window and once in a incognito/private window (or just log into two separate browsers).
- Enter the information copied from OneLogin in the fields provided.
- Click Save.
Warning. Click Save only when all information has been entered. If you turn on SSO prematurely, it will break the login experience for all users on your account.
Once you make this change, you can test your access.
Testing SSO authentication
Before you configured SSO, you should have created two IT Glue browser sessions. If you get locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.
To make sure SSO is working, perform these steps:
- Log out of and close any OneLogin browser sessions you have open.
- In a new browser session, navigate to your IT Glue account subdomain (mycompany.itglue.com) directly. This should redirect you to the identity provider.
- Enter your SSO credentials.
After entering your credentials, you should be redirected and logged into IT Glue.
Troubleshooting an email mismatch
If you have been using OneLogin for some time, your IT Glue account admin email may not match your OneLogin admin email. This can be remedied by doing the following:
- In OneLogin, go to Users > Account_Owner.
- Select the Applications tab.
- Select IT Glue to open the Edit Login pane.
Here you can overwrite the default fields for your IT Glue login and insert the correct information to match your OneLogin credentials with your IT Glue credentials.
When the SSO server is unavailable, how do we access our accounts?
If the SSO server you specified is unavailable for any reason while you're trying to log in, authentication will fail. Send us an email for assistance.
Alternatively, in the event that SSO is unavailable, you can still login using your IT Glue username and password at app.itglue.com.
How do we disable SSO for a user?
To disable a user account, an Administrator or a Manager will need to navigate to the Account > Users page in IT Glue. We don’t currently support disabling user accounts through the SSO server.