For partners subscribed to Enterprise plans.
In this article, you'll learn how to configure SSO on your IT Glue account using Duo.
- Administrator level access to IT Glue
- Ensure your users are provisioned in Duo, with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.
- Before turning this feature on, sign into your IT Glue account twice - once in a regular browser and once in an incognito/private window. Alternatively, you can also sign into two separate browsers.
1. Log onto the Duo Admin Panel and click on Applications > Protect an Application.
2. Type service provider in the search field.
3. Click Protect the Application in the SAML - Service Provider section.
4. In the Service Provider configuration page, type in:
- Service Provider Name: IT Glue
- Entity ID: https://subdomain.itglue.com
- Assertion Consumer Service: https://subdomain.itglue.com/saml/consume
5. Leave all other settings at their defaults as shown below.
6. Save the application and click on Download your configuration file.
7. Log onto the Duo access gateway console, navigate to the downloaded configuration file, and click Upload.
8. Fill in the IT Glue SAML SSO fields as follows:
|Login URL||SAML Login Endpoint URL|
|Logout URL||SAML Logout Endpoint URL|
|Entity ID||Issuer URL|
|Downloaded Certificate||Certificate (included begin and end lines)|
9. Save the configuration in IT Glue.
Configuring IT Glue
After setting up Duo, configure your IT Glue account to authenticate using SAML. You will need the certificate and a few pieces if information from Duo to finish the configuration.
1. In IT Glue, click Account in the top navigation bar.
2. Click Settings from the sidebar.
3. Click the Authentication tab.
4. Use the on/off toggle button to turn on SAML SSO.
5. Copy and paste the following information from Duo into IT Glue:
- Issue URL
- SAML Login Endpoint URL
- SAML Logout Endpoint URL
6. Click Save to complete the setup of your account.
Once you make this change, you can test your account.
Testing SSO Authentication
In the above section, you should have created two IT Glue browser sessions. If you are locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.
To make sure SSO is working, perform the below steps:
1. Sign out of and close the Duo portal.
2. In a new browser session, navigate directly to the Duo Access Panel.
3. Enter your Duo credentials to sign in.
4. Click on the IT Glue SSO application you created to be redirected to IT Glue.
When the SSO service is unavailable, how do we access our accounts?
If the SSO server you specified is unavailable for any reason while you're trying to sign in, authentication will fail. Send us an email for assistance.
How do we disable SSO for a user?
To disable a user account, an Administrator or a Manager will need to navigate to the Account > Users page in IT Glue. We don’t current support disabling user accounts through the SSO server.