For partners subscribed to Enterprise plans.
In this article, you'll learn how to configure SSO on your IT Glue account using Duo.
If you are configuring SSO for MyGlue using Duo, the instructions are the same but you will need to enter different values when configuring Duo and your MyGlue account settings page. Click here to see the different values that you'll need to substitute in at key steps within this KB article.
- You must have Administrator level access to IT Glue to configure SSO on your account.
- Ensure your users are provisioned in the identity provider (Duo), with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.
- Before turning this feature on, log in to your IT Glue account twice - once in a regular browser and once in an incognito/private window. This is to ensure that you are still logged in to your account if you get locked out in the other window. Alternatively, you can also log in to two separate browsers.
- Log onto the Duo Admin Panel and navigate to Applications > Protect an Application in the left-hand menu.
- Type service provider in the search field and click Protect the Application in the search return.
- In the Service Provider section of the configuration page, enter the following information:
- Service Provider Name - IT Glue
- Entity ID - https://subdomain.itglue.com
- Assertion Consumer Service - https://subdomain.itglue.com/saml/consume
Configuring IT Glue
After setting up Duo, you need to configure your IT Glue account to authenticate using SAML. You will need a few pieces of information from Duo to complete step.
- Log in to IT Glue and click Account in the top navigation bar.
- Click Settings from the sidebar.
- Click on the Authentication tab and then turn the Enable SAML SSO toggle switch to ON. Once this is turned on, a form will appear. you will need to collect information from Duo and enter it into this form.
- Copy the Duo Entity ID and paste it into the IT Glue Issuer URL field.
- Copy the Duo Login URL and paste it into the IT Glue SAML Login Endpoint URL field.
- Copy the Duo Logout URL and paste it into the IT Glue SAML Logout Endpoint URL field.
- Copy the Duo SHA-1 Fingerprint and paste it into the IT Glue Fingerprint field.
- Download the Duo certificate and paste it into the IT Glue Certificate field.
Important. Ensure there are no extra spaces trailing at the end of the Certificate string (i.e. after -----END CERTIFICATE-----).
- Click Save to complete the setup of your account.
Warning. Click Save only when all information has been entered If you turn on SSO before the information is entered, it will break the login experience for all users on your account.
Once you make this change, you can test your account.
If you are setting up SSO for MyGlue, complete all steps as instructed in this article. However, there are a few key steps in which you'll need to substitute in different values:
Complete step 3 in the Configuring Duo section above but use the following values instead:
- Service Provider Name - MyGlue
- Entity ID - https://app.myglue.com
- Assertion Consumer Service - https://app.myglue.com/saml/consume
When you reach the Configuring IT Glue section above, navigate instead to Account > MyGlue. In the Actions drop-down menu, select Edit. Then, scroll down to the Single Sign-on section and toggle the Enable SAML SSO switch to ON. Then, complete step 3 of this section but use the following values to fill in the form instead:
- Issuer URL - https://app.myglue.com
- SAML Login Endpoint URL - https://app.myglue.com/saml/consume
- SAML Logout Endpoint URL - https://app.myglue.com/logout
For EU partners, please use https://app.eu.myglue.com.
How do we disable SSO for a user?
To disable a user account, an Administrator or a Manager will need to navigate to the Account > Users page in IT Glue. We don’t currently support disabling user accounts through the SSO server.