Adding IT Glue - Connect IT Community | Kaseya
<main> <article class="userContent"> <p><strong>To configure IT Glue in the Single Sign On Manager please follow these steps</strong></p> <ol><li>Select <strong>Directory Manager</strong>.</li> <li>Select <strong>Groups</strong>.</li> <li>Select the Blue plus sign in the bottom right corner.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/THTGM53QO2RU/blue-png.png" alt="blue.PNG" width="45" height="42" class="embedImage-img importedEmbed-img"></img></li> <li>Name the Group <strong>IT Glue</strong> <strong>Users</strong>.<br><strong>Note</strong>: If you have other existing Groups for SSO users you can use one of these as well.</li> <li>Select <strong>ADD GROUP</strong>.</li> <li>Select <strong>SSO Manager</strong>.</li> <li>Select the Blue plus sign in the bottom right corner.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/THTGM53QO2RU/blue-png.png" alt="blue.PNG" width="45" height="42" class="embedImage-img importedEmbed-img"></img></li> <li>Select the Catalog Icon.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/5ACCL0XGUEAD/mceclip0.png" alt="mceclip0.png" width="33" height="99" class="embedImage-img importedEmbed-img"></img></li> <li>Select IT Glue from catalog.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/XIFCOAFJO9PQ/1-png.png" alt="" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Application is enabled</strong>.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/TD4X4PE3TPYK/2-png.png" alt="" width="233" height="178" class="embedImage-img importedEmbed-img"></img></li> <li>Select Protocol configuration. 
Update the following.<br><strong>Assertion Consumer Service URL:</strong> <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fdomain.itglue.com%2Fsaml%2Fconsume">https://domain.itglue.com/saml/consume</a><br><strong>Service Entity ID (Issuer)</strong>: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fdomain.itglue.com">https://domain.itglue.com</a><br><strong>Audience URI</strong>: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fdomain.itglue.com">https://domain.itglue.com</a> (Select Add)<br>Select <strong>Remove</strong> on <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fdomain.itglue.com">https://domain.itglue.com</a> that was displayed automatically.<br><strong>Note</strong>: Replace domain with your own base URL for your IT Glue instance for all of the above.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/L8WL4HMJ7SGW/3-png.png" alt="" width="360" height="395" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Add Application</strong>.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/TG5BWZI2DW1B/4-png.png" alt="" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Signing and Encryption</strong>.</li> <li>Select <strong>Copy</strong>.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/C0UI9HUU1Z1D/5-png.png" alt="" class="embedImage-img importedEmbed-img"></img></li> <li>Copy the certificate thumbprint as you will need this to configure the IT Glue instance.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/KCT397SQF3EI/6-png.png" alt="" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Permissions</strong>.</li> <li>Select <strong>Add Groups</strong>.<br>Select the <strong>Group</strong> you chose in Step 4.</li> <li>Select <strong>Save Changes</strong>.</li> </ol><p><strong>Configuring IT Glue to accept SAML authentication</strong></p> <ol><li>From <strong>Account > Settings</strong>, scroll down to 
<strong>Single Sign On</strong> and click <strong>Enable SAML SSO</strong>.</li> <li>Enter the information copied from Passly in the text boxes provided:<br>Issuer URL: <strong>Issuer URL</strong> https://(Your On-Demand Tenant)/trust<br>SSO Endpoint: <strong>SAML2.0 Endpoint (HTTP) URL</strong> https://(Your On-Demand Tenant)/signin<br>SSO Logout Endpoint: <strong>SLO Endpoint (HTTP) URL</strong> https://(Your On-Demand Tenant)/apps<br><strong>Note</strong>: Replace https://(Your On-Demand Tenant) with your actual tenant URL.<br>Fingerprint: <strong>SHA Fingerprint</strong><br>Certificate: <strong>X.509 Certificate</strong> </li> <li>Click <strong>Save</strong>. <div>Click Save only if you have Passly ready to go. If you enable SSO prematurely, it will break the sign in experience for all users on your account.</div> </li> </ol> <p>Once you make this change, users will be required to sign in with Passly when visiting your account subdomain (mycompany.itglue.com) if they're not already authenticated.</p> <p><strong>Common Questions</strong></p> <p><strong>How does SSO sign me in?</strong></p> <p>Whenever IT Glue (mycompany.itglue.com) or one of your other apps or sites wants to authenticate you via SSO, they'll redirect you to the authentication domain (Passly). If you are not signed in, you can sign in using your Passly credentials. But if you're already signed in, you won't need to sign in again. You are immediately redirected back to the target site (e.g. IT Glue) with the necessary authentication token. 
This token is used by the target site's server to verify that you are authenticated with the authentication server.</p> <p><em>Signing in to IT Glue using SAML (technical view)</em></p> <p><img src="http://kb.itglue.com/hc/en-us/article_attachments/208817027/Screen_Shot_2016-06-28_at_9.52.33_AM.png" alt="" class="embedImage-img importedEmbed-img"></img><strong><br>What information do I need to enter if I use a different SAML identity provider?</strong></p> <p>If you configure your own solution, you will need to enter the following information:</p> <ul><li> <strong>Issuer URL</strong> - the URL that uniquely identifies your SAML identity provider</li> <li> <strong>SSO Endpoint</strong> - the SAML login URL of the SAML server</li> <li> <strong>SLO Endpoint</strong> - a URL where IT Glue can redirect users after they sign out of IT Glue (optional)</li> <li> <strong>Fingerprint</strong> - the appropriate value based on the information provided by your identity provider</li> <li> <strong>Certificate</strong> - the authentication certificate issued by your identity provider</li> </ul><p><strong><br>When the SSO server is unavailable, how do we access our accounts?</strong></p> <p>If the SSO server you specified is unavailable for any reason while you're trying to log in, authentication will fail. <a rel="nofollow" href="mailto:support@itglue.com">Email</a> IT Glue directly for assistance.</p> <p><strong><br>How do we disable SSO for a user?</strong></p> <p>If a member has left your team, and you’d like to disable their user account, an Admin or Manager will need to delete their account from the <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fkb.itglue.com%2Fhc%2Fen-us%2Farticles%2F211855368">Account > Users</a> page in IT Glue. We don't currently support disabling user accounts through the SSO server. </p> </article> </main>
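<p>The Fingerprint and Certificate fields above are the trust anchor for every sign-in, so it is worth confirming that the pasted fingerprint really is the digest of the pasted certificate before clicking Save. The check below is an added example, not Kaseya or IT Glue code: the function names are hypothetical, the sample bytes are constructed, and it assumes the "SHA Fingerprint" is a SHA-1 or SHA-256 digest of the certificate's DER encoding.</p>

```python
import base64
import hashlib
import hmac
import re

# Constructed placeholder bytes, NOT a real certificate; they only let the
# example run offline. Paste the IdP's X.509 certificate PEM in practice.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Assumption: the fingerprint is a SHA-1 or SHA-256 digest of the DER bytes;
# the hex length tells the two apart.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def pem_to_der(pem: str) -> bytes:
    """Extract the first CERTIFICATE block and decode it to DER bytes."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def normalize(fp: str) -> str:
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    hexed = re.sub(r"[\s:\-]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexed):
        raise ValueError("fingerprint is not hexadecimal")
    return hexed


def fingerprint_matches(pem: str, pasted_fp: str) -> bool:
    """True if pasted_fp is the digest of the certificate in pem."""
    want = normalize(pasted_fp)
    algo = ALGO_BY_HEX_LEN.get(len(want))
    if algo is None:
        raise ValueError("expected 40 (SHA-1) or 64 (SHA-256) hex characters")
    got = hashlib.new(algo, pem_to_der(pem)).hexdigest()
    return hmac.compare_digest(got, want)


if __name__ == "__main__":
    good = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
    print(fingerprint_matches(SAMPLE_PEM, good))        # digest of the PEM
    print(fingerprint_matches(SAMPLE_PEM, "00" * 32))   # some other cert
```

<p>A mismatch means the fingerprint and certificate came from different signing keys, for example after the identity provider rotated its certificate, and should be resolved before SSO is enabled.</p>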