Configuring single sign-on (SSO) for Duo

For partners subscribed to Enterprise plans.

In this article, you'll learn how to configure SSO on your IT Glue account using Duo.

Prerequisites

  • Administrator level access to IT Glue
  • Ensure your users are provisioned in Duo, with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.
  • Before turning this feature on, log in to your IT Glue account twice - once in a regular browser and once in an incognito/private window. Alternatively, you can also log in to two separate browsers.

Instructions

Configuring Duo

  1. Log onto the Duo Admin Panel and navigate to Applications > Protect an Application in the left-hand menu.
  2. Type service provider in the search field and click Protect the Application in the search return.


    Protect_an_Application_-_Applications_-_IT_Glue_Test_-_Duo.png

  3. In the Service Provider section of the configuration page, enter the following information:
    • Service Provider Name: IT Glue
    • Entity ID: https://subdomain.itglue.com
    • Assertion Consumer Service: https://subdomain.itglue.com/saml/consume


      SAML_-_Service_Provider_-_Applications_-_IT_Glue_Test_-_Duo.png

  4. In the SAML Response section, use the settings shown below:


    Skitch_Background_-_Google_Docs.png

  5. Save the application and click on Download your configuration file.


    SAML_-_Service_Provider_-_Applications_-_IT_Glue_Test_-_Duo.png

  6. Navigate to the Duo Access Gateway server's console and click the Configure icon in the Duo Access Gateway application group.
  7. Click Applications and then on Choose File in the Add Applications section. Locate and upload the SAML application JSON file you downloaded in step 5.


    Duo_Access_Gateway_-_Generic_SAML_Service_Provider___Duo_Security.png

  8. Navigate back to the Duo Access Gateway page admin console's Applications page. You will need the information in the Metadata section in the next part of this KB article.


    Duo_Access_Gateway_-_Generic_SAML_Service_Provider___Duo_Security-2.png

Configuring IT Glue

After setting up Duo, you need to configure your IT Glue account to authenticate using SAML. You will need a few pieces of information from Duo to complete step.

Important. It's highly recommended that before you begin the below set of instructions, log in to your IT Glue account twice - once in a regular browser and once in an incognito/private window. Alternatively, you can also log in to two separate browsers. This is to ensure that you are still logged in to your account in case you are locked out in the other window.
  1. Log in to IT Glue and click Account in the top navigation bar.
  2. Click Settings from the sidebar.


    Account_Settings___IT_Glue_copy.png

  3. Click on the Authentication tab and then turn the Enable SAML SSO toggle switch to ON. Once this is turned on, a form will appear. you will need to collect information from Duo and enter it into this form.


    Untitled-2_copy.png

    • Copy the Duo Entity ID and paste it into the IT Glue Issuer URL field.
    • Copy the Duo Login URL and paste it into the IT Glue SAML Login Endpoint URL field.
    • Copy the Duo Logout URL and paste it into the IT Glue SAML Logout Endpoint URL field.
    • Copy the Duo SHA-1 Fingerprint and paste it into the IT Glue Fingerprint field.
    • Download the Duo certificate and paste it into the IT Glue Certificate field.
      Important. Ensure there are no extra spaces trailing at the end of the Certificate string (i.e. after -----END CERTIFICATE-----).
  4. Click Save to complete the setup of your account.
    Warning. Click Save only when all information has been entered If you turn on SSO before the information is entered, it will break the login experience for all users on your account.

Once you make this change, you can test your account.

Testing SSO Authentication

In the above section, you should have created two IT Glue browser sessions. If you are locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.

To make sure SSO is working, perform the below steps:

  1. Log out of and close the Duo portal.
  2. In a new browser session, navigate directly to the Duo Access Panel.
  3. Enter your Duo credentials to log in.
  4. Click on the IT Glue SSO application you created to be redirected to IT Glue.

Common Questions

When the SSO server is unavailable, how do we access our accounts?

If your SSO provider's service is unavailable, you can still login using your IT Glue username and password at app.itglue.com.

If your SSO is not working, confirm your provider's service is available. Send us an email for assistance.

How do we disable SSO for a user?

To disable a user account, an Administrator or a Manager will need to navigate to the Account > Users page in IT Glue. We don’t currently support disabling user accounts through the SSO server.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us