For partners subscribed to Enterprise plans.
In this article, you'll learn how to configure SSO on your IT Glue account using LastPass.
If you are configuring SSO for MyGlue using LastPass, the instructions are the same but you will need to enter different values when configuring LastPass and your MyGlue account settings page. Click here to see the different values that you'll need to substitute in at key steps within this KB article.
- You must have Administrator level access to IT Glue to configure SSO on your account.
- Ensure your users are provisioned in the identity provider (LastPass), with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.
- Before turning this feature on, log in to your IT Glue account twice - once in a regular browser and once in an incognito/private window. This is to ensure that you are still logged in to your account if you get locked out in the other window. Alternatively, you can also log in to two separate browsers.
- Log in to the LastPass admin portal with your admin username and master password.
- In the left-hand menu of the Admin Console, navigate to SSO & MFA > Applications > Web App.
- Click + Add Application in the upper-right corner.
- Then, click the Custom tab and enter a name in the App Name field.
- In the Service Provider section of the configuration page, enter the following information:
- ACS - https://subdomain.itglue.com/saml/consume
- Entity ID - https://subdomain.itglue.com
- Nickname - IT Glue
- Next in the Advance setup section, enter the following information:
- Role - Optional
- IDP - Default: https://identity.lastpass.com
- Relay State - Optional
- Identifier - Email
- SAML signature method - Select the SHA1 checkbox.
- In the Custom Attributes section, enter the following information:
- Select the Sign Assertion and Sign Response checkboxes.
- Attribute 1 - Email, SAML attribute name (Email)
Configuring IT Glue
After setting up LastPass, you need to configure your IT Glue account to authenticate using SAML. You will need a few pieces of information from LastPass to complete the steps.
- Log in to IT Glue and click Account in the top navigation bar.
- Click Settings in the sidebar.
- Click on the Authentication tab and then turn the Enable SAML SSO toggle switch to ON. Once this is turned on, a form will appear. You will need to collect information from LastPass and enter into this form.
- Issuer URL - Enter https://identity.lastpass.com
- SAML Login Endpoint URL (a.k.a. SSO Endpoint URL) - Enter https://identity.lastpass.com/SAML/SSOService
- SAML Logout Endpoint URL - Enter https://identity.lastpass.com/Login/Logout
- Fingerprint - Copy and paste the Certificate Fingerprint.
- Certificate - Download the LastPass certificate and paste it into this field.
Important. Ensure there are no extra spaces trailing at the end of the Certificate string (i.e. after -----END CERTIFICATE-----).
- Click Save to complete the setup of your account.
Once you make this change, you can test your account.
If you are setting up SSO for MyGlue, complete all steps as instructed in this article. However, there are a few key steps in which you'll need to substitute in different values:
Complete step 5 in the Configuring LastPass section above but use the following values instead:
- ACS - https://app.myglue.com/saml/consume
- Entity ID - https://app.myglue.com
- Nickname - MyGlue
When you reach the Configuring IT Glue section above, navigate instead to Account > MyGlue. In the Actions drop-down menu, select Edit. Then, scroll down to the Single Sign-on section and toggle the Enable SAML SSO switch to ON. Then, complete step 3 of this section but use the following values to fill in the form instead:
- Issuer URL - https://app.myglue.com
- SAML Login Endpoint URL - https://app.myglue.com/saml/consume
- SAML Logout Endpoint URL - https://app.myglue.com/logout
For EU partners, please use https://app.eu.myglue.com.