Configuring single sign-on (SSO) for Duo

For partners subscribed to Enterprise plans.

In this article, you'll learn how to configure SSO on your IT Glue account using Duo.

Prerequisites

  • Administrator level access to IT Glue
  • Ensure your users are provisioned in Duo, with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.
  • Before turning this feature on, log into your IT Glue account twice - once in a regular browser and once in an incognito/private window. Alternatively, you can also log into two separate browsers.

Instructions

  1. Log onto the Duo Admin Panel and click on Applications > Protect an Application.


    IT_Glue_SSO_Duo__5__-_Google_Docs.png

  2. Type service provider in the search field.


    IT_Glue_SSO_Duo__5__-_Google_Docs.png

  3. Click Protect the Application in the SAML - Service Provider section.
  4. In the Service Provider configuration page, type in:
    • Service Provider Name: IT Glue
    • Entity ID: https://subdomain.itglue.com
    • Assertion Consumer Service: https://subdomain.itglue.com/saml/consume


      IT_Glue_SSO_Duo__5__-_Google_Docs.png

  5. Leave all other settings at their defaults as shown below.


    IT_Glue_SSO_Duo__5__-_Google_Docs.png

  6. Save the application and click on Download your configuration file.


    IT_Glue_SSO_Duo__5__-_Google_Docs.png

  7. Log onto the Duo access gateway console, navigate to the downloaded configuration file, and click Upload.


    IT_Glue_SSO_Duo__5__-_Google_Docs.png

  8. Fill in the IT Glue SAML SSO fields as follows:
    Duo IT Glue
    Login URL SAML Login Endpoint URL
    Logout URL SAML Logout Endpoint URL
    Entity ID Issuer URL
    DHA-1 Fingerprint Fingerprint
    Downloaded Certificate Certificate (included begin and end lines)

    IT_Glue_SSO_Duo__5__-_Google_Docs.png

    IT_Glue_SSO_Duo__5__-_Google_Docs.png

  9. Save the configuration in IT Glue.

Configuring IT Glue

Important. It’s highly recommended that before you begin the below set of instructions, log into your IT Glue account twice - once in a regular browser and once in an incognito/private window. Alternatively, you can also log into two separate browsers. This is to ensure that you are still logged into your account in case you are locked out in the other window.

After setting up Duo, configure your IT Glue account to authenticate using SAML. You will need the certificate and a few pieces if information from Duo to finish the configuration.

  1. In IT Glue, click Account in the top navigation bar.
  2. Click Settings from the sidebar.


    Account_Settings___IT_Glue.png

  3. Click the Authentication tab.


    Account_Settings___IT_Glue.png

  4. Use the on/off toggle button to turn on SAML SSO.
  5. Copy and paste the following information from Duo into IT Glue:
    • Issue URL
    • SAML Login Endpoint URL
    • SAML Logout Endpoint URL
    • Fingerprint
    • Certificate
  6. Click Save to complete the setup of your account.
Warning. Click Save only when all information has been entered If you turn on SSO before the information is entered, it will break the login experience for all users on your account.

Once you make this change, you can test your account.

Testing SSO Authentication

In the above section, you should have created two IT Glue browser sessions. If you are locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.

To make sure SSO is working, perform the below steps:

  1. Log out of and close the Duo portal.
  2. In a new browser session, navigate directly to the Duo Access Panel.
  3. Enter your Duo credentials to log in.
  4. Click on the IT Glue SSO application you created to be redirected to IT Glue.

Common Questions

When the SSO server is unavailable, how do we access our accounts?

If the SSO server you specified is unavailable for any reason while you're trying to log in, authentication will fail. Send us an email for assistance.

Alternatively, in the event that SSO is unavailable, you can still login using your IT Glue username and password at app.itglue.com.

How do we disable SSO for a user?

To disable a user account, an Administrator or a Manager will need to navigate to the Account > Users page in IT Glue. We don’t currently support disabling user accounts through the SSO server.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us