- Log into AuthAnvil 2FA Manager and browse to the Single Sign On tab > Application
- Select the Add new Application button.
- Select Add a custom application
- Select Add a Customer Application.
- Add the Application name IT Glue.
- Add the Application to an existing SSO User Role.
- Change Application Image.
Select Choose File. Upload the IT Glue logo (attached to this article).
- Select the Protocol Configuration.
- Select IdP-Init from the drop down protocol list
- Update the following:
Reply To URL: https://(YourCompanyName).itglue.com/saml/consume
Audience URI: https://(YourCompanyName).itglue.com
Note: Replace YourCompanyName with your IT Glue instance.
- Select Advance Protocol Settings and deselect Sign Message.
- Select the Attribute Maps
Select the edit link beside the current attribute.
- From the drop down,
Ensure the Outgoing Claim Type stays http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
- Select the Update Map
Once the attribute map has been added, select Save.
- Select Certificate Authority
Copy the Thumbprint to a Notepad document, as you will need it to configure IT Glue.
Select Show Certificate (which will switch to Hide Certificate when selected)
Copy the encoded certificate to the same Notepad document, keeping it separate from the thumbprint.
Note: you'll want to add a header and footer to the certificate in Notepad before adding it to the IT Glue configuration. A sample of how this should look is below:
Proceed to configure IT Glue's side in accordance with their steps, which may include exporting the certificate from this newly added application.
- From Account > Settings, scroll down to Single Sign On and select Enable SAML SSO.
- Enter the information copied from AuthAnvil SSO in the text boxes provided:
- Issuer URL: Issuer URL
- SSO Endpoint: SAML2.0 Endpoint (HTTP) URL
- SLO Endpoint: SLO Endpoint (HTTP) URL
- Fingerprint: SHA Fingerprint
- Certificate: X.509 Certificate
Once you make this change, users will be required to sign in with AuthAnvil SSO when visiting your account subdomain (mycompany.itglue.com) if they're not already authenticated.
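The certificate and fingerprint values can be checked before they are pasted into IT Glue. The following is an added example, not part of the original article or of either vendor's tooling: it wraps the copied base64 certificate in the standard PEM header and footer and confirms that its digest matches the thumbprint copied from AuthAnvil. It assumes the thumbprint is a SHA-1 or SHA-256 digest of the DER-encoded certificate (the article only says "SHA Fingerprint"); the function names are hypothetical and the sample bytes are constructed, not a real certificate.

```python
import base64
import hashlib
import re
import textwrap

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def to_der(pasted: str) -> bytes:
    """Strip any PEM header/footer and whitespace, return the DER bytes."""
    body = pasted.replace(PEM_HEADER, "").replace(PEM_FOOTER, "")
    body = re.sub(r"\s+", "", body)
    return base64.b64decode(body, validate=True)  # raises on non-base64 junk


def to_pem(pasted: str) -> str:
    """Re-emit the certificate with header, footer and 64-column lines."""
    b64 = base64.b64encode(to_der(pasted)).decode("ascii")
    return "\n".join([PEM_HEADER, *textwrap.wrap(b64, 64), PEM_FOOTER]) + "\n"


def fingerprint(pasted: str, algo: str = "sha1") -> str:
    """Colon-separated upper-case hex digest of the DER bytes."""
    digest = hashlib.new(algo, to_der(pasted)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_thumbprint(pasted: str, thumbprint: str) -> bool:
    """Compare with a thumbprint copied in any spacing, colon or case style."""
    wanted = re.sub(r"[^0-9A-Fa-f]", "", thumbprint).upper()
    algo = {40: "sha1", 64: "sha256"}.get(len(wanted))  # assumed digest types
    if algo is None:
        return False  # not the length of a SHA-1 or SHA-256 digest
    return fingerprint(pasted, algo).replace(":", "") == wanted


# Constructed stand-in bytes, NOT a real certificate; paste the text copied
# from "Show Certificate" here instead.
SAMPLE_B64 = base64.b64encode(bytes(range(200))).decode("ascii")

if __name__ == "__main__":
    print(to_pem(SAMPLE_B64))
    print("SHA-1  :", fingerprint(SAMPLE_B64, "sha1"))
    print("SHA-256:", fingerprint(SAMPLE_B64, "sha256"))
```

If `matches_thumbprint` returns False for the values you copied, the certificate text was altered or truncated during copy and paste and should be copied again before SSO is enabled.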
How does SSO sign me in?
Whenever IT Glue (mycompany.itglue.com) or one of your other apps or sites wants to authenticate you via SSO, they'll redirect you to the authentication domain (AuthAnvil SSO). If you are not signed in, you can sign in using your AuthAnvil SSO credentials. But if you're already signed in, you won't need to sign in again. You are immediately redirected back to the target site (e.g. IT Glue) with the necessary authentication token. This token is used by the target site's server to verify that you are authenticated with the authentication server.
Signing in to IT Glue using SAML (technical view)
What information do I need to enter if I use a different SAML identity provider?
If you configure your own solution, you will need to enter the following information:
- Issuer URL - the URL that uniquely identifies your SAML identity provider
- SSO Endpoint - the SAML login URL of the SAML server
- SLO Endpoint - a URL where IT Glue can redirect users after they sign out of IT Glue (optional)
- Fingerprint - the appropriate value based on the information provided by your identity provider
- Certificate - the authentication certificate issued by your identity provider
When the SSO server is unavailable, how do we access our accounts?
If the SSO server you specified is unavailable for any reason while you're trying to log in, authentication will fail. Send IT Glue IT support an email directly for assistance.
How do we disable SSO for a user?
If a member has left your team, and you’d like to disable their user account, an Admin or Manager will need to delete their account from the Account > Users page in IT Glue. We don't currently support disabling user accounts through the SSO server.