Configuring single sign-on (SSO) with Azure

For partners subscribed to Enterprise plans.

This article explains how to configure the SSO integration of Azure and IT Glue.

For Microsoft's instructions, refer to Configuring single sign-on to applications that are not in the Azure Active Directory application gallery. For further help, refer to our main SAML topic.

Prerequisites

  • Administrator level access to IT Glue.
  • An active Azure Active Directory Premium subscription.
  • Every user under your account in IT Glue needs an account in Azure Active Directory with exactly the same email address. We don’t create user accounts under SSO.
  • Before you begin, sign in to your IT Glue account twice - once in a regular browser window and once in an incognito/private window. This ensures that you still have a signed-in session in one window if you get locked out of your account in the other.

Instructions

  1. In the Azure management portal (https://manage.windowsazure.com/), click the (Active Directory icon) on the left navigation pane.
  2. From the Directory list, select the directory that you would like to use for SSO.
  3. Click on Applications in the top menu.



  4. Click the (Add icon) at the bottom of the screen.

  5. On the What do you want to do dialog, select Add an application from the gallery.



  6. On the next screen, choose Custom, enter IT Glue as the name, and then click on the checkmark. This will add a custom application to your Azure Active Directory.


    After entering a name for your application, you can configure the single sign-on options and behavior.

  7. Click on Configure single sign-on.



  8. Select the first option: Microsoft Azure AD Single Sign-On.



  9. On the next screen, you will be prompted to enter two different URLs corresponding to the SAML endpoints for the application. Enter the Identifier, which is the URL of your IT Glue subdomain (e.g. https://subdomain.itglue.com). The Reply URL will be https://subdomain.itglue.com/saml/consume, replacing subdomain with your IT Glue subdomain. Note that there's no trailing slash at the end of the URL.



  10. On the next screen, click Download Certificate (Base 64) and save the certificate file on your computer.



  11. Leave this window open, and in a different web browser window, sign in to your IT Glue account.
  12. From Account > Settings, click the Authentication tab.
  13. Use the on/off button to turn on SAML SSO.
    Important. It's highly recommended that before you begin these next instructions, you sign in to your IT Glue account twice - once in a regular browser window and once in an incognito/private window (or just sign in to two separate browsers).
  14. Copy and paste the following information from Azure to IT Glue:

    • Copy the Thumbprint and paste it in the IT Glue Fingerprint field.
    • Copy the Issuer URL and paste it in the IT Glue Issuer URL field.
    • Copy the Single Sign-On Service URL and paste it in the IT Glue SAML Login Endpoint URL field.
    • Copy the Single Sign-Out Service URL and paste it in the IT Glue SAML Logout Endpoint URL field.

  15. Copy the content of the certificate and paste it in the IT Glue Certificate field.
  16. Next, assign users to your app.
    • In the Azure AD portal, on the IT Glue application integration page, click Assign users.
    • Select your users, click Assign, and then click Yes to confirm the assignment.
  17. Finally, in IT Glue, click Save to complete the setup of your account.
    Warning. Click Save only when all information has been entered. If you turn on SSO prematurely, it will break the sign-in experience for all users on your account.
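
A pre-flight check to run before clicking Save in step 17, added here as an example (it is not IT Glue or Microsoft code). It assumes the Azure Thumbprint is the SHA-1 digest of the DER-encoded certificate written as hex; the function names and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed placeholder bytes, NOT a real X.509 certificate; in practice read
# the file saved by "Download Certificate (Base 64)" in step 10.
SAMPLE_DER = b"constructed placeholder standing in for DER certificate bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

def sha1_thumbprint(pem_text):
    """SHA-1 over the DER bytes inside the PEM block, as 40 uppercase hex chars."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    return hashlib.sha1(der).hexdigest().upper()

def normalize_thumbprint(value):
    """Drop colons, whitespace and invisible direction marks added by copy/paste."""
    cleaned = re.sub(r"[\s:\u200e\u200f]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("thumbprint is not 40 hex characters")
    return cleaned

def saml_urls(subdomain):
    """Identifier and Reply URL from step 9 for an IT Glue subdomain."""
    if not re.fullmatch(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?", subdomain):
        raise ValueError("unexpected characters in subdomain")
    identifier = f"https://{subdomain}.itglue.com"
    return identifier, identifier + "/saml/consume"

def preflight(pem_text, pasted_thumbprint, identifier, reply_url, subdomain):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    want_id, want_reply = saml_urls(subdomain)
    if identifier != want_id:
        problems.append(f"Identifier should be {want_id}")
    if reply_url != want_reply:
        problems.append(f"Reply URL should be {want_reply} (no trailing slash)")
    try:
        if normalize_thumbprint(pasted_thumbprint) != sha1_thumbprint(pem_text):
            problems.append("Fingerprint does not match the pasted certificate")
    except ValueError as exc:
        problems.append(str(exc))
    return problems
```

A mismatch between the Fingerprint and Certificate fields means one of them was copied from a different or rotated signing certificate, which is worth catching while the second browser session is still open.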

Once you make this change, you can test your access.

Testing SSO authentication

Before you configured SSO, you should have created two IT Glue browser sessions. If you get locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.

To make sure SSO is working, perform these steps:

  1. Sign out of and close the Azure management portal and the Azure AD access panel.
  2. In a new browser session, navigate directly to the access panel at http://myapps.microsoft.com.
  3. Enter your Azure AD credentials to sign in. After authentication, you will be able to interact with the applications integrated with the directory.
  4. Click on IT Glue to be redirected and signed in to IT Glue.

Another way to test SSO access is to go to your account subdomain (mycompany.itglue.com) directly.

Common Questions

When the SSO server is unavailable, how do we access our accounts?

If the SSO server you specified is unavailable for any reason while you're trying to sign in, authentication will fail. Send us an email for assistance.

How do we disable SSO for a user?

If a member has left your team, and you’d like to disable their user account, an Administrator or Manager will need to delete their account from the Account > Users page in IT Glue. We don't currently support disabling user accounts through the SSO server.
