Why is MFA required if SSO is set up?
SSO authentication happens when users log in via yoursubdomain.itglue.com. Your IT Glue credentials are not involved when authenticating via SSO. Even with SSO enabled, users can still log in to IT Glue via app.itglue.com (app.eu.itglue.com or app.au.itglue.com for our EMEA and AU datacenter customers respectively) using their IT Glue credentials (and independent IT Glue MFA, if enabled). These URLs circumvent SSO authentication and are useful in instances such as:
- An SSO provider's service is down.
- An SSO certificate expires.
- Users outside of your organization and SSO directory require access to IT Glue, for example, your client users or contractors.
MFA can be enabled on your IT Glue account outside of SSO. We have always encouraged this as an extra security measure, but we now feel it's right to take a step further by enforcing this extra layer of security.
What does the login workflow look like once MFA is enabled if I already have SSO?
Once we enforce MFA for all IT Glue accounts, the first time a new IT Glue user authenticates via SSO and is redirected back to IT Glue, they'll be prompted to set up MFA on their IT Glue account. This is the current workflow for all IT Glue accounts that have chosen to enforce MFA on their IT Glue account.
Subsequent to this initial log-in, navigating to yoursubdomain.itglue.com will still redirect to your SSO provider for authentication, and then back to IT Glue once successful. No extra steps will be required, and the IT Glue MFA will not be requested. You will not be asked to enter MFA twice if you are authenticating via SSO. IT Glue MFA code will only be required when using app.itglue.com (app.eu.itglue.com or app.au.itglue.com for our EMEA and AU datacenter customers respectively).
Will this affect my integrations in IT Glue?
If there are any integrations using a normal user without 2FA and not an API user, please note they will stop functioning till this is addressed.
Does MFA enforcement apply to MyGlue as well?
MFA enforcement is for IT Glue only, and does not apply to MyGlue.
How do I set up MFA?
You can find step-by-step instructions on how to set up Multi-Factor Authentication in this Knowledge Base article.
If you are using the IT Glue Mobile App, you may see an error "Unable to sign you in. Something doesn’t look right”. Please login to the web-app to set up MFA in that case.