Enforced SSO Access Control

For partners subscribed to Basic with SSO 2021, Select with SSO 2021, and Enterprise plans.

Introduction

With this account settings update, if you have an Administrator role in your IT Glue account, you can now configure authentication settings to only allow users to log in to IT Glue by using your SSO provider. You can set this up by enabling the Enforced SSO Logins feature. Enforced SSO applies to IT Glue web browser extensions and mobile apps (on iOS and Android).

Note: Enforced SSO Logins can be configured only as part of SAML or JWT.

Note: Compare the list of users in the SSO directory with IT Glue users and ensure anyone who does not exists in the SSO Directory are added to the directory.

Important note:  IT Glue accounts with SSO enabled, but not enforced when using subdomain.itglue.com will have the option of both SSO login and local credentials.

Procedure

  1. Navigate to Account > Settings > Authentication.
  2. Navigate to either the SAML SSO or JWT SSO settings based on how you enabled Single Sign On.
  3. Enable the option Enforce SSO Logins.
    Enforced SSO 1.png
  4. (Optional) To override and to make it a requirement for specific users who cannot login via SSO, search and select users. These users will be able to use the override links to bypass SSO.
    As of September 28, 2023: A user on the override list will always be required to log in through SSO, unless the user selects the following links based on their datacenter location:
    The preceding links work only on the web app and will not work on the mobile app or the browser extension.

    Enforced SSO 2.png

  5. Click Save
    Note: If the sole Administrator of an IT Glue account is locked out due to an SSO issue and Enforced SSO is on, then they can raise a support request and upon successful verification, we can:
    • Disable Enforce SSO or
    • Add them as an SSO Override user, making the above override links their only way to log in to IT Glue.

Enable log in with KaseyaOne for IT Glue 

To enable log in with KaseyaOne for IT Glue, do the following:

  1. From the IT Glue home page, navigate to Admin > Settings > Authentication.
  2. Select the Enable Login with KaseyaOne toggle switch in the Single Sign-On (SSO) section.
    Enable_Login_KaseyaOne.png
    When you enable this toggle switch, the Require Log In with KaseyaOne toggle switch is also automatically enabled. 
    Require_Login_With_KaseyaOne.png
    To log in to IT Glue without being forcedly redirected to KaseyaOne for authorization, the administrator should:
  3. To enable users in KaseyaOne who are granted access to IT Glue to have an IT Glue user created automatically, enable the option Enable Automatic User Provisioning.
    Enable_Automatic_Provisioning.png
  4. Choose a Role to be assigned to all new users created.
    Note: By default, the role type will be Editor.
  5. Assign these users to groups. You can select one, multiple or all groups individually or select the option Select All Groups to assign users to all the groups.
    Note: The Select All Groups option will be auto-selected for users with Administrator role. Lite users can be assigned to Groups, but there will not be any impact on which Organizations they can access.
  6. Select which IT Glue Organizations to which the users should have access by using any of the following options:
    • Add All
    • Remove All
    • Allow All Organizations
  7. Click Save to complete the process.
  8. After you select this switch, the KaseyaOne log in page automatically opens prompting you to enter your KaseyaOne (username, password, and company name) credentials and then the verification code.
    KaseyaOne_LoginPage.png

  9. After you have successfully logged in to KaseyaOne, you will be redirected back to the IT Glue portal.
    Unified login for IT Glue is now enabled and all users will automatically gain access to IT Glue via Log in with KaseyaOne.

 

Have more questions?

Contact us

Was this article helpful?
1 out of 3 found this helpful

Provide feedback for the Documentation team!

Browse this section