For partners subscribed to Enterprise plans.
In this article, you'll learn how to configure SSO on your IT Glue account using Duo.
- Administrator level access to IT Glue
- Ensure your users are provisioned in Duo, with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.
- Before turning this feature on, log into your IT Glue account twice - once in a regular browser and once in an incognito/private window. Alternatively, you can also log into two separate browsers.
- Log onto the Duo Admin Panel and navigate to Applications > Protect an Application in the left-hand menu.
- Type service provider in the search field and click Protect the Application in the search return.
- In the Service Provider section of the configuration page, enter the following information:
- Service Provider Name: IT Glue
- Entity ID: https://subdomain.itglue.com
- Assertion Consumer Service: https://subdomain.itglue.com/saml/consume
Configuring IT Glue
After setting up Duo, you need to configure your IT Glue account to authenticate using SAML. You will need a few pieces of information from Duo to complete step.
- Log into IT Glue and click Account in the top navigation bar.
- Click Settings from the sidebar.
- Click on the Authentication tab and then turn the Enable SAML SSO toggle switch to ON. Once this is turned on, a form will appear. you will need to collect information from Duo and enter it into this form.
- Copy the Duo Entity ID and paste it into the IT Glue Issuer URL field.
- Copy the Duo Login URL and paste it into the IT Glue SAML Login Endpoint URL field.
- Copy the Duo Logout URL and paste it into the IT Glue SAML Logout Endpoint URL field.
- Copy the Duo SHA-1 Fingerprint and paste it into the IT Glue Fingerprint field.
- Download the Duo certificate and paste it into the IT Glue Certificate field.
Important. Ensure there are no extra spaces trailing at the end of the Certificate string (i.e. after -----END CERTIFICATE-----).
Once you make this change, you can test your account.
Testing SSO Authentication
In the above section, you should have created two IT Glue browser sessions. If you are locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.
To make sure SSO is working, perform the below steps:
- Log out of and close the Duo portal.
- In a new browser session, navigate directly to the Duo Access Panel.
- Enter your Duo credentials to log in.
- Click on the IT Glue SSO application you created to be redirected to IT Glue.
When the SSO server is unavailable, how do we access our accounts?
If your SSO provider's service is unavailable, you can still login using your IT Glue username and password at app.itglue.com.
If your SSO is not working, confirm your provider's service is available. Send us an email for assistance.
How do we disable SSO for a user?
To disable a user account, an Administrator or a Manager will need to navigate to the Account > Users page in IT Glue. We don’t currently support disabling user accounts through the SSO server.