For partners subscribed to Enterprise plans.
This article explains how to configure the SAML SSO integration of Azure AD classic portal and IT Glue. These instructions apply to the Azure classic portal. Learn how to configure SAML SSO for the new Azure portal in this article.
- Administrator level access to IT Glue.
- An active Azure Active Directory Premium subscription.
- All of your users under your account in IT Glue will need an account in Azure Active Directory, with exactly the same email address. We don’t create user accounts under SSO.
- Before you begin, sign in to your IT Glue account twice - once in a regular browser window and once in a incognito/private window. This is to ensure that you are still signed in to your account just in case you get locked out of your account in the other window.
For Microsoft's instructions, refer to Configuring single sign-on to applications that are not in the Azure Active Directory application gallery.
- In the Azure management portal (https://manage.windowsazure.com/), click the (Active Directory icon) on the left navigation pane.
- From the Directory list, select the directory that you would like to use for SSO.
- Click on Applications in the top menu.
- Click the (Add icon) at the bottom of the screen.
- On the What do you want to do dialog, select Add an application from the gallery.
- On the next screen, choose Custom, enter IT Glue as the name, and then click on the checkmark. This will add a custom application to your Azure Active Directory.
After entering a name for your application, you can configure the single sign-on options and behavior.
- Click on Configure single sign-on.
- Select the first option: Microsoft Azure AD Single Sign-On.
- On the next screen, enter the following URLs in the fields provided (replacing subdomain with your subdomain).
The Identifier is the URL of your IT Glue domain e.g. https://subdomain.itglue.com. The Reply URL will be
Be sure to fill in your IT Glue subdomain. Note that there's no trailing slash at the end of the URL.
- On the next screen, click Download Certificate (Base 64) and save the certificate file on your computer.
- Next, assign users to your app.
- In the Azure AD portal, on the IT Glue application integration page, click Assign users.
- Select your users, click Assign, and then click Yes to confirm the assignment.
Configuring IT Glue
- From Account > Settings, click the Authentication tab.
- Use the on/off button to turn on SAML SSO.
Important. It's highly recommended that before you begin these next instructions, you sign in to your IT Glue account twice - once in a regular browser window and once in a incognito/private window (or just sign in to two separate browsers).
- Copy and paste the following URLs from Azure to IT Glue:
- Copy the Issuer URL and paste it in the IT Glue Issuer URL field.
- Copy the Single Sign-On Service URL and paste it in the IT Glue SAML Login Endpoint URL field.
- Copy the Single Sign-Out Service URL and paste it in the IT Glue SAML Logout Endpoint URL field.
Once you make this change, you can test your access.
Testing SSO authentication
Before you configured SSO, you should have created two IT Glue browser sessions. If you get locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.
To make sure SSO is working, perform these steps:
- Sign out of and close the Azure management portal and the Azure AD access panel.
- In a new browser session, navigate directly to the access panel at http://myapps.microsoft.com.
- Enter your Azure AD credentials to sign in. After authentication, you will be able to interact with the applications integrated with the directory.
- Click on IT Glue to be redirected and signed in to IT Glue.
Another way to test SSO access is to go to your account subdomain (mycompany.itglue.com) directly.
When the SSO server is unavailable, how do we access our accounts?
If the SSO server you specified is unavailable for any reason while you're trying to sign in, authentication will fail. Send us an email for assistance.
How do we disable SSO for a user?
If a member has left your team, and you’d like to disable their user account, an Administrator or Manager will need to delete their account from the Account > Users page in IT Glue. We don't currently support disabling user accounts through the SSO server.