Configuring single sign-on (SSO) with OneLogin - Connect IT Community

/* * These styles apply ONLY to the header and footer assets. */ * { padding: 0; margin: 0; box-sizing: border-box; } .super-nav { display: flex; justify-content: flex-end; align-items: center; margin: 0 auto; max-width: 1264px; padding-left: 40px; padding-right: 40px; height: 40px; text-align: right; } .super-nav a { color: #34427c; margin-right: 20px; padding: 10px; text-decoration: none; } .super-nav a:hover, .super-nav a:focus { background-color: #f7f9fa; } .footer { background: #f5f5f6; color: #555a62; font-size: 14px; line-height: 1.5; padding: 0; } .footer-image { background-image: url("/themes/kaseya/assets/images/footerImage.png"); height: 500px; background-repeat: no-repeat; background-size: cover; margin-top: -100px; } .footer-wrap { padding-left: 18px; padding-right: 18px; max-width: 1236px; margin: 0 auto; } .footer-main-content { background-color: #000; padding: 100px 0; } .footer .footer-col-title { color: #ffffff; font-weight: 700; font-size: 13px; padding-bottom: 10px; text-transform: uppercase; } .footer .footer-link { color: #9b9ca0; text-decoration: none; } .footer .footer-link:hover, .footer .footer-link:focus, .footer .footer-link:active { text-decoration: underline; } .footer-main-content .footer-link { padding-top: 10px; } .footer-row { display: flex; flex-wrap: wrap; justify-content: space-between; align-items: center; margin: -3px; } .footer-main-content-row { align-items: flex-start; } .footer-bottom-content { padding: 10px; align-items: center; } .footer-col { padding: 0 3px; display: flex; flex-direction: column; } .footer-col-copyRight { justify-content: flex-start; color: #9b9ca0; flex: 1; display: flex; } .footer-last-col { flex-direction: row; } .footer-last-col .footer-link { padding-right: 10px; text-transform: uppercase; } @media screen and (max-width: 768px) { .super-nav { padding-right: 0; } .footer-image { height: 250px; } .footer-main-content { padding: 40px 0; } .footer .footer-col-title { padding-top: 10px; } .footer-row:not(.footer-main-content-row) { display: block; } .footer-col:not(.footer-main-content-col) { width: 100%; text-align: center; padding: 10px 0; } .footer-main-content-col { width: 50%; } .footer-last-col { flex-direction: column; } .footer-last-col .footer-link { padding-bottom: 10px; } } /*# sourceMappingURL=styles.css.map */ Ask the Community Groups

Configuring single sign-on (SSO) with OneLogin - Connect IT Community | Kaseya

For partners subscribed to Enterprise plans.

In this article, you'll learn how to configure SSO on your IT Glue account using OneLogin. For instructions on how to configure SSO for MyGlue using OneLogin, refer to the blue info

If you are configuring SSO for MyGlue using OneLogin, the instructions are the same but you will need to enter different values when configuring OneLogin and your MyGlue account settings page. Click here to see the different values that you'll need to substitute in at key steps within this KB article.

Note: These instructions refer to OneLogin but you can use any SSO provider that supports SAML 2.0 or configure your own solution. For more information, refer to our main SAML topic.

Prerequisites

You must have Administrator level access to IT Glue to configure SSO on your account.
Ensure your users are provisioned in the identity provider (OneLogin), with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.
Before turning this feature on, log in to your IT Glue account twice - once in a regular browser and once in an incognito/private window. This is to ensure that you are still logged in to your account if you get locked out in the other window. Alternatively, you can also log in to two separate browsers.

Instructions

Configuring OneLogin

OneLogin for IT Glue works the way it does for other sites and apps. In other words, a user logs in once to have automatic access to IT Glue and many other applications such as email, your CRM, and so on without having to log in separately to those services.

In the admin portal for OneLogin, navigate to Applications > Applications and then search for and select IT Glue.
Click Save to add the app to your Company Apps and display additional configuration tabs.
In the Configuration tab, enter your IT Glue subdomain in the field provided. For example, if your IT Glue account URL is "mycompany.itglue.com", then you would enter mycompany. If you have an EU-hosted IT Glue account, then you would enter mycompany.eu in the field.
On the SSO tab, select SHA-265 in the SAML Signature Algorithm drop-down menu. Then, copy the three URLs (Issuer, SAML 2.0 Endpoint, SLO Endpoint) that are displayed on this screen using their respective Copy to Clipboard buttons.
Click the View Details link under the X.509 Certificate. Ensure the SHA fingerprint drop-down is set to SHA1 before clicking the Copy to Clipboard button.
Scroll down to the X.509 Certificate section and click the Copy to Clipboard button to copy the entire certificate, including the Begin Certificate and End Certificate text.
Finally, on the Access tab, assign the application to a user role that will allow users to access IT Glue.

Configuring IT Glue

After setting up OneLogin, you will need to configure your IT Glue account to authenticate using SAML. You will need a few pieces of information from OneLogin to complete this step.

Important. It's highly recommended that before you begin the below set of instructions, log in to your IT Glue account twice - once in a regular browser and once in an incognito/private window. Alternatively, you can also log in to two separate browsers. This is to ensure that you are still logged in to your account in case you are locked out in the other window.

Log in to IT Glue and navigate to Account > Settings > Authentication tab.
Click to turn the Enable SAML SSO toggle switch to ON. Once this is turned on, a form will appear. You will need to enter the information you collected from OneLogin in the section above into this form.
1. Copy the OneLogin Issuer URL and paste it into the IT Glue Issuer URL field.
2. Copy the OneLogin SAML 2.0 Endpoint URL and paste it in the IT Glue SAML Login Endpoint URL field.
3. Copy the OneLogin SLO Endpoint URL and paste it in the IT Glue SAML Logout Endpoint URL field.
4. Copy the SHA-1 fingerprint you created above and paste it into the IT Glue Fingerprint field.
5. Copy the X.509 certificate and paste it into the IT Glue Certificate field.
  
  Important. Ensure there are no extra spaces trailing at the end of the Certificate string (i.e. after -----END CERTIFICATE-----).
Click Save.
Warning. Click Save only when all information has been entered. If you turn on SSO prematurely, it will break the login experience for all users on your account.

Once you make this change, you can test your access.

Configuring MyGlue

If you are setting up SSO for MyGlue, complete all steps as instructed in this article. However, there are a few key steps in which you'll need to substitute in different values:

Complete step 3 in the Configuring OneLogin section above but use the following values instead:

In the Configuration tab, enter https://app.myglue.com

Testing SSO authentication

Before you configured SSO, you should have created two IT Glue browser sessions. If you get locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.

To make sure SSO is working, perform these steps:

Log out of and close any OneLogin browser sessions you have open.
In a new browser session, navigate to your IT Glue account subdomain (mycompany.itglue.com) directly. This should redirect you to the identity provider.
Enter your SSO credentials.

After entering your credentials, you should be redirected and logged into IT Glue.

Troubleshooting an email mismatch

If you have been using OneLogin for some time, your IT Glue account admin email may not match your OneLogin admin email. This can be remedied by doing the following:

In OneLogin, go to Users > Account_Owner.
Select the Applications tab.
Select IT Glue to open the Edit Login pane.

Here you can overwrite the default fields for your IT Glue login and insert the correct information to match your OneLogin credentials with your IT Glue credentials.

Common Questions

When the SSO server is unavailable, how do we access our accounts?

If your SSO provider's service is unavailable, you can still login using your IT Glue username and password at app.itglue.com.

If your SSO is not working, confirm your provider's service is available. Send us an email for assistance.

How do we disable SSO for a user?

To disable a user account, an Administrator or a Manager will need to navigate to the Account > Users page in IT Glue. We don’t currently support disabling user accounts through the SSO server.