Ask or search…
Comment on page

SSO Setup

IT-Conductor supports SAML 2.0-based Single Sign-on.

Understanding SAML configuration

In SAML terms there are two parties:
  • Identity Provider that supplies the user authentication and is your trusted enterprise credentials - Okta, Microsoft ADFS (Azure or on-prem), Google Workspace, AWS IAM Identity Center, etc.
  • Service Provider - In this case, it is IT-Conductor that supports SSO with Identity Provider, so you don't need to maintain/remember a separate set of credentials.

Identity Provider configuration

To configure Identity Provider you will need the following IT-Conductor SAML information:
  • Entity ID:
  • Assertion Consumer Service URL:
  • Relay State URL:
  • Logout URL:
Depending on what type of Identity Provider you are configuring, use the links below. Otherwise, use vendor instructions and the information above.
When the Identity Provider configuration is complete either export Identity (Federation) Metadata XML and/or copy the following attributes:
  • Identity Provider Identifier
  • Login URL
  • Logout URL
  • Certificate (Base64)
In IT-Conductor navigate to Management > Security > SSO Identity Providers.
Figure 1: SSO Identity Providers (Empty List)
If you have exported previously Identity Metadata XML, click
and import the file. This will create the new Identity Provide definition.
Alternatively, you can click
to create a new Identity Provider definition.
Figure 2: Create Identity Provider
Copy previously saved values to Identity Provider Info attributes as the following:
  • Name - Unique Name - internal to IT-Conductor
  • Description - Internally identifying information
  • Issuer - Identity Provider Identifier
  • SSO URL - Login URL
  • SLO URL - Logout URL
  • Certificate - exported base64 certificate
Service Provider Info attributes allow you to customize the mapping between Identity Provider and IT-Conductor, normally you don't need to do anything as default mappings should work. Otherwise, contact the IT-Conductor Support Team for assistance
again to insert the Identity Provider.
When done the Identity Provider should show in the list.
Figure 3: SSO Identity Providers (Updated List)
You now can use the SSO to login into IT-Conductor from your Identity Provider.