Configuring single sign-on (SSO) for LastPass - Connect IT Community | Kaseya
<main> <article class="userContent"> <p> </p> <p>In this article, you'll learn how to configure SSO on your IT Glue account using LastPass.</p> <div> <p>If you are configuring SSO for MyGlue using LastPass, the instructions are the same but you will need to enter different values when configuring LastPass and your MyGlue account settings page. Click <a rel="nofollow" href="#myglue">here</a> to see the different values that you'll need to substitute in at key steps within this KB article.</p> </div> <p>Prerequisites</p> <ul><li>You must have Administrator level access to IT Glue to configure SSO on your account.</li> <li>Ensure your users are provisioned in the identity provider (LastPass), with exactly the same email address as their IT Glue account. We don’t create user accounts under SSO.</li> <li>Before turning this feature on, log in to your IT Glue account twice - once in a regular browser and once in an incognito/private window. This is to ensure that you are still logged in to your account if you get locked out in the other window. Alternatively, you can also log in to two separate browsers.</li> </ul><p>Instructions</p> <h3 data-id="configuring-lastpass">Configuring LastPass</h3> <ol><li>Log in to the <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Flastpass.com%2Fcompany%2F%23%21%2Fdashboard" rel="noopener nofollow">LastPass admin portal</a> with your admin username and master password.</li> <li>In the left-hand menu of the <strong>Admin Console</strong>, navigate to <strong>SSO & MFA > Applications > Web App</strong>.</li> <li>Click <strong>+ Add Application</strong> in the upper-right corner. 
<p><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/SATQG8EBW0W1/application-2.png" alt="application-2.png" class="embedImage-img importedEmbed-img"></img></p> </li> <li>Then, click the <strong>Custom</strong> tab and enter a name in the <strong>App Name</strong> field.</li> <li>In the <strong>Service Provider</strong> section of the configuration page, enter the following information: <ol type="a"><li> <strong>ACS </strong>- <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fsubdomain.itglue.com%2Fsaml%2Fconsume">https://subdomain.itglue.com/saml/consume</a></li> <li> <strong>Entity ID </strong>- <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fsubdomain.itglue.com">https://subdomain.itglue.com</a></li> <li> <strong>Nickname </strong>- IT Glue</li> </ol><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/YYU0D7E0J39K/service-provider.png" alt="service_provider.png" class="embedImage-img importedEmbed-img"></img></p> </li> <li>Next in the <strong>Advance setup </strong>section, enter the following information: <ol type="a"><li> <strong>Role</strong> - Optional</li> <li> <strong>IDP</strong> - Default: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fidentity.lastpass.com">https://identity.lastpass.com</a></li> <li> <strong>Relay State</strong> - Optional</li> <li> <strong>Identifier</strong> - Email</li> <li> <strong>SAML signature method</strong> - Select the <strong>SHA256</strong> checkbox. 
<p><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/GJRQNUJY6MLP/advance-2-2.png" alt="advance-2-2.png" class="embedImage-img importedEmbed-img"></img></p> </li> </ol></li> <li>In the <strong>Custom Attributes </strong>section, enter the following information: <ol type="a"><li>Select the <strong>Sign Assertion</strong> and <strong>Sign Response</strong> checkboxes.</li> <li> <strong>Attribute 1</strong> - Email, SAML attribute name (Email)</li> </ol><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/K4WT7RG1COPR/custom-attributes.png" alt="custom_attributes.png" class="embedImage-img importedEmbed-img"></img></p> </li> </ol><h3 data-id="configuring-it-glue">Configuring IT Glue</h3> <p>After setting up LastPass, you need to configure your IT Glue account to authenticate using SAML. You will need a few pieces of information from LastPass to complete the steps.</p> <div> <strong>Important.</strong> Before you begin the instructions below, it is highly recommended that you log in to your IT Glue account twice - once in a regular browser and once in an incognito/private window. Alternatively, you can also log in to two separate browsers. This is to ensure that you are still logged in to your account in case you are locked out in the other window.</div> <ol><li>Log in to IT Glue and click <strong>Account</strong> in the top navigation bar.</li> <li>Click <strong>Settings</strong> in the sidebar. <p><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/3U2XNNK703EM/account-settings-it-glue-copy.png" alt="Account_Settings___IT_Glue_copy.png" class="embedImage-img importedEmbed-img"></img></p> </li> <li>Click on the <strong>Authentication</strong> tab and then turn the <strong>Enable SAML SSO</strong> toggle switch to <strong>ON</strong>. Once this is turned on, a form will appear. You will need to collect information from LastPass and enter it into this form. 
<p><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/BGCYKQMGG9AL/untitled-2-copy.png" alt="Untitled-2_copy.png" width="708" height="284" class="embedImage-img importedEmbed-img"></img></p> <ol type="a"><li> <strong>Issuer URL </strong>- Enter <em><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fidentity.lastpass.com">https://identity.lastpass.com</a></em> </li> <li> <strong>SAML Login Endpoint URL (a.k.a. SSO Endpoint URL) </strong>-<strong> </strong> Enter <em><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fidentity.lastpass.com%2FSAML%2FSSOService">https://identity.lastpass.com/SAML/SSOService</a></em> </li> <li> <strong>SAML Logout Endpoint URL</strong> - Enter <em><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fidentity.lastpass.com%2FLogin%2FLogout">https://identity.lastpass.com/Login/Logout</a></em> </li> <li> <strong>Fingerprint</strong> - Copy and paste the Certificate Fingerprint.</li> <li> <strong>Certificate</strong> - Download the LastPass certificate and paste it into this field. <div> <strong>Important.</strong> Ensure there are no extra spaces trailing at the end of the Certificate string (i.e. after -----END CERTIFICATE-----).</div> </li> </ol></li> <li>Click <strong>Save</strong> to complete the setup of your account.</li> </ol><p>Once you make this change, you can test your account.</p> <p><a name="myglue" id="myglue"></a></p> <div> <h3 data-id="configuring-myglue">Configuring MyGlue</h3> <p>If you are <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fitglue%2Fhc%2Fen-us%2Farticles%2F360007592878-Setting-up-single-sign-on-SSO-to-MyGlue" rel="noopener nofollow">setting up SSO for MyGlue</a>, complete <em><strong>all</strong></em> steps as instructed in this article. 
However, there are a few key steps in which you'll need to substitute in different values:</p> <p>Complete step 5 in the <em>Configuring LastPass</em><strong> </strong>section above but use the following values instead:</p> <ul><li> <strong>ACS </strong>- <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fapp.myglue.com%2Fsaml%2Fconsume">https://app.myglue.com/saml/consume</a></li> <li> <strong>Entity ID </strong>- <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fapp.myglue.com">https://app.myglue.com</a></li> <li> <strong>Nickname </strong>- MyGlue</li> </ul></div> </article> </main>
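<p>For the <strong>Fingerprint</strong> and <strong>Certificate</strong> fields in the <em>Configuring IT Glue</em> section above, the following is an added example (not code from Kaseya or LastPass) that strips stray whitespace from a pasted certificate and checks that it hashes to the fingerprint you copied. It assumes the fingerprint is the hex SHA-1 or SHA-256 digest of the certificate's DER bytes, which the article does not state; the function names and the sample bytes are constructed for illustration.</p>

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def clean_pem(pasted: str) -> str:
    """Normalise a pasted PEM block: LF line endings, no stray whitespace."""
    match = PEM_RE.search(pasted)
    if match is None:
        raise ValueError("no BEGIN/END CERTIFICATE block found")
    body = "".join(match.group(1).split())
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"])


def fingerprint(pem: str, algorithm: str = "sha256") -> str:
    """Colon-separated hex digest of the DER bytes inside the PEM block."""
    body = "".join(PEM_RE.search(clean_pem(pem)).group(1).split())
    der = base64.b64decode(body, validate=True)
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_fingerprint(pem: str, shown: str) -> bool:
    """Compare against the fingerprint copied from the IdP; 40 hex digits
    are treated as SHA-1, 64 as SHA-256 (an assumption, see lead-in)."""
    wanted = re.sub(r"[^0-9A-Fa-f]", "", shown).upper()
    algorithm = {40: "sha1", 64: "sha256"}.get(len(wanted))
    if algorithm is None:
        raise ValueError("fingerprint is neither SHA-1 nor SHA-256 length")
    actual = fingerprint(pem, algorithm).replace(":", "")
    return hmac.compare_digest(actual, wanted)


# Constructed stand-in bytes, not a real certificate: the fingerprint is a
# hash of whatever DER the PEM carries, so any payload shows the mechanics.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(SAMPLE_DER).decode().replace("\n", "\r\n")
              + "-----END CERTIFICATE-----  \r\n\r\n")  # trailing spaces, CRLF
```

<p>Paste the output of <code>clean_pem</code> into the Certificate field, and save only if <code>matches_fingerprint</code> returns true for the fingerprint you copied.</p>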