For partners subscribed to Enterprise plans.
In this article, you'll learn how to configure SSO on your IT Glue account using Duo.
- Administrator level access to IT Glue
- Ensure your users are provisioned in Duo, with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.
- Before turning this feature on, log into your IT Glue account twice - once in a regular browser and once in an incognito/private window. Alternatively, you can also log into two separate browsers.
- Log onto the Duo Admin Panel and click on Applications > Protect an Application.
- Type service provider in the search field.
- Click Protect the Application in the SAML - Service Provider section.
- In the Service Provider configuration page, type in:
- Service Provider Name: IT Glue
- Entity ID: https://subdomain.itglue.com
- Assertion Consumer Service: https://subdomain.itglue.com/saml/consume
|Login URL||SAML Login Endpoint URL|
|Logout URL||SAML Logout Endpoint URL|
|Entity ID||Issuer URL|
|Downloaded Certificate||Certificate (included begin and end lines)|
Configuring IT Glue
After setting up Duo, configure your IT Glue account to authenticate using SAML. You will need the certificate and a few pieces if information from Duo to finish the configuration.
- In IT Glue, click Account in the top navigation bar.
- Click Settings from the sidebar.
- Click the Authentication tab.
- Use the on/off toggle button to turn on SAML SSO.
- Copy and paste the following information from Duo into IT Glue:
- Issue URL
- SAML Login Endpoint URL
- SAML Logout Endpoint URL
Once you make this change, you can test your account.
Testing SSO Authentication
In the above section, you should have created two IT Glue browser sessions. If you are locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.
To make sure SSO is working, perform the below steps:
- Log out of and close the Duo portal.
- In a new browser session, navigate directly to the Duo Access Panel.
- Enter your Duo credentials to log in.
- Click on the IT Glue SSO application you created to be redirected to IT Glue.
When the SSO server is unavailable, how do we access our accounts?
If the SSO server you specified is unavailable for any reason while you're trying to log in, authentication will fail. Send us an email for assistance.
Alternatively, in the event that SSO is unavailable, you can still login using your IT Glue username and password at app.itglue.com.
How do we disable SSO for a user?
To disable a user account, an Administrator or a Manager will need to navigate to the Account > Users page in IT Glue. We don’t currently support disabling user accounts through the SSO server.