Enforced SSO Access Control

For partners subscribed to Basic with SSO 2021, Select with SSO 2021, and Enterprise plans.

Introduction

With this account settings update, if you have an Administrator role in your IT Glue account, you can now configure authentication settings to only allow users to log in to IT Glue by using your SSO provider. You can set this up by enabling the Enforced SSO Logins feature. Enforced SSO applies to IT Glue web browser extensions and mobile apps (on iOS and Android).

NOTE  Enforced SSO Logins can be configured only as part of SAML or JWT.

NOTE   Compare the list of users in the SSO directory with IT Glue users and ensure anyone who does not exists in the SSO Directory are added to the directory.

IMPORTANT  IT Glue accounts with SSO enabled, but not enforced when using subdomain.itglue.com will have the option of both SSO login and local credentials.

Procedure

  1. Navigate to Account > Settings > Authentication.
  2. Navigate to either the SAML SSO or JWT SSO settings based on how you enabled Single Sign On.
  3. Enable the option Enforce SSO Logins.

  4. (Optional) To override and allow specific users to log in without SSO, please search and select users. These users will be able to use the override links to bypass SSO.
    As of September 28, 2023: A user on the override list will always be required to log in through SSO, unless the user selects the following links based on their datacenter location:

The preceding links work only on the web app and will not work on the mobile app or the browser extension.

  1. Click Save

NOTE  If the sole Administrator of an IT Glue account is locked out due to an SSO issue and Enforced SSO is on, then they can raise a support request and upon successful verification, we can:

  • Disable Enforce SSO or
  • Add them as an SSO Override user, making the above override links their only way to log in to IT Glue.

Enable log in with KaseyaOne for IT Glue

To enable log in with KaseyaOne for IT Glue, do the following:

  1. From the IT Glue home page, navigate to Admin > Settings > Authentication.

  2. Select the Enable Log In with KaseyaOne toggle switch in the Single Sign-On (SSO) section.

    When you enable this toggle switch, the Require Log In with KaseyaOne toggle switch is also automatically enabled.

    To log in to IT Glue without being forcedly redirected to KaseyaOne for authorization, the administrator should:

  3. To enable users in KaseyaOne who are granted access to IT Glue to have an IT Glue user created automatically, enable the option Enable Automatic User Provisioning.

  4. Choose a Role to be assigned to all new users created.

    NOTE  By default, the role type will be Editor.

  5. Assign these users to groups. You can select one, multiple or all groups individually or select the option Select All Groups to assign users to all the groups.

    NOTE  The Select All Groups option will be auto-selected for users with Administrator role. Lite users can be assigned to Groups, but there will not be any impact on which Organizations they can access.

  6. Select which IT Glue Organizations to which the users should have access by using any of the following options:

    • Add All

    • Remove All

    • Allow All Organizations

  7. Click Save to complete the process.

  8. After you select this switch, the KaseyaOne log in page automatically opens prompting you to enter your KaseyaOne (username, password, and company name) credentials and then the verification code.

  9. After you have successfully logged in to KaseyaOne, you will be redirected back to the IT Glue portal.
    Unified login for IT Glue is now enabled and all users will automatically gain access to IT Glue via Log in with KaseyaOne.