# SSO Setup

IT-Conductor supports SAML 2.0-based Single Sign-on.

### Understanding SAML Configuration

In SAML terms, there are two parties:

* **Identity Provider** - The system that authenticates users against your trusted enterprise credentials: Okta, Microsoft ADFS (Azure or on-prem), Google Workspace, AWS IAM Identity Center, etc.
* **Service Provider** - In this case IT-Conductor, which supports SSO with the Identity Provider so you don't need to maintain or remember a separate set of credentials.

### Configure Identity Provider

To configure Identity Provider, you will need the following IT-Conductor SAML information:

* **Entity ID**: <https://service.itconductor.com>
* **Assertion Consumer Service URL**: <https://service.itconductor.com/saml/acs>
* **Relay State URL**: <https://service.itconductor.com/home>
* **Logout URL**: <https://service.itconductor.com/saml/logout>

Depending on what type of Identity Provider you are configuring, use the links below. Otherwise, use vendor instructions and the information above.

* [Configuring Azure ADFS](https://docs.itconductor.com/user-guide/setup/sso-setup/azure-adfs-identity-provider)
* [Configuring Okta](https://www.okta.com/integrations/it-conductor/)

When the Identity Provider configuration is complete, export the Identity (Federation) Metadata XML and/or copy the following attributes:

* Identity Provider Identifier
* Login URL
* Logout URL
* Certificate (Base64)

1. Visit [service.itconductor.com](https://service.itconductor.com/) and enter your login credentials.
2. Navigate to **Management → Security → SSO Identity Providers.**

<figure><img src="https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2FCuTxkQjORhZdo4EfaPBz%2FIdentityProviders-Empty.png?alt=media&#x26;token=cf768b0a-cd70-42f1-8998-8159dc542f2c" alt=""><figcaption><p>Figure 1: SSO Identity Providers Actions Panel (Empty List)</p></figcaption></figure>

3. If you have previously exported Identity Metadata XML, click ![](https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2FEZuNBNlMpk9FPBc8vYnO%2FImport.gif?alt=media\&token=42728989-8d51-4bea-83c1-f5815f4bb5a9) and import the file. This will create the new Identity Provider definition.
4. Alternatively, you can click <img src="https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2Fgit-blob-7f816831472c5030e6dfbcb513035d87da645a67%2Fadd.png?alt=media" alt="" data-size="line"> to create a new Identity Provider definition.

<figure><img src="https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2FrBHjFE0wzQT2K6sPQIty%2FIdentityProviders-Create.png?alt=media&#x26;token=c04497ff-1512-49e3-891f-381c92e7aa1a" alt=""><figcaption><p>Figure 2: Create SAML Identity Provider Wizard</p></figcaption></figure>

5. Copy the previously saved values to the **Identity Provider Info** attributes as follows:

* **Name** - Unique Name - internal to IT-Conductor
* **Description** - Internally identifying information
* **Issuer** - Identity Provider Identifier
* **SSO URL** - Login URL
* **SLO URL** - Logout URL
* **Certificate** - exported base64 certificate

**Service Provider Info** attributes allow you to customize the mapping between the Identity Provider and IT-Conductor. Normally you don't need to change anything, as the default mappings should work. Otherwise, contact the IT-Conductor Support Team for assistance.

6. Click <img src="https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2Fgit-blob-7f816831472c5030e6dfbcb513035d87da645a67%2Fadd.png?alt=media" alt="" data-size="line"> again to insert the Identity Provider.
7. Verify that the Identity Provider was added to the SSO Identity Providers actions panel.

<figure><img src="https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2F8vpRKWrc2w2Wjeug0Dxt%2FIdentityProviders.png?alt=media&#x26;token=b85ef8d2-ae17-401e-b00f-bab1f5b3ff06" alt=""><figcaption><p>Figure 3: SSO Identity Providers Actions Panel (Updated List)</p></figcaption></figure>

You can now use SSO to log in to IT-Conductor from your Identity Provider.

### How to update the SSO certificate in IT-Conductor

1. On the main menu, navigate to **Management → Security → SSO Identity Providers**.

{% hint style="info" %}
**Note:** Make sure you have an administrator role; otherwise, you won’t see this option.
{% endhint %}

<figure><img src="https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2FjAE5rPD4OadjlWIzmG2G%2Fsso-setup-001.png?alt=media&#x26;token=49cde360-6455-45d5-b9c8-a25eccaeeca0" alt=""><figcaption><p>Figure 4: SSO Identity Providers Option - Main Menu </p></figcaption></figure>

2. Click on the existing certificate entry.

<figure><img src="https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2FfA3iI73k0siTl8baj049%2Fsso-setup-002.png?alt=media&#x26;token=a1e03376-f912-4214-9764-ba2262e95396" alt=""><figcaption><p>Figure 5: SSO Identity Providers </p></figcaption></figure>

3. Open the new certificate in a plain text editor and copy the text.
4. Paste the contents of the new certificate into the **Certificate** box, replacing the existing contents.

<figure><img src="https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2FDysW2YVcTXmtQm9f0Chp%2Fsso-setup-003.png?alt=media&#x26;token=1dca2594-ef25-4c20-9724-74130fae7740" alt=""><figcaption><p>Figure 6: Update Certificate Wizard Screen</p></figcaption></figure>

{% hint style="info" %}
**Note:** Make sure that the certificate is pasted as a continuous, valid block and avoid accidental extra line breaks from editors like Notepad.
{% endhint %}

5. Click on the save <img src="https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2FKGMKWbeytvsPZu8WBj0y%2Fsave-icon.gif?alt=media&#x26;token=2a566496-96e3-4381-b49d-5ec8d6972f88" alt="" data-size="line"> icon
6. To verify that the certificate has been updated, open a private/incognito browser session and perform a full SSO login through your normal portal entry point to confirm that the new certificate flow works end-to-end with IT-Conductor. Then confirm successful access after SAML authentication and check logs, if available, to ensure that the login token and certificate validation succeed.
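The line-break problem described in the note above can be caught before pasting. This added example (not IT-Conductor code) strips PEM armor and whitespace, confirms the result decodes to a complete DER structure, and returns a SHA-256 fingerprint to compare with the one your Identity Provider shows for the same certificate. The sample bytes are constructed placeholders, and because this page does not say whether the **Certificate** box expects the BEGIN/END lines, returning the bare Base64 body is an assumption.

```python
import base64
import binascii
import hashlib
import re

PEM_ARMOR = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")


def normalize_certificate(pasted):
    """Return (single_line_base64, sha256_fingerprint) or raise ValueError."""
    body = "".join(PEM_ARMOR.sub("", pasted).split())  # drop armor, CR/LF, spaces, tabs
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from None
    # An X.509 certificate is a DER SEQUENCE (tag 0x30) whose declared length
    # must account for every remaining byte; a truncated paste fails here.
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] < 0x80:
        header, length = 2, der[1]
    else:
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length mismatch: certificate is truncated or has extra data")
    digest = hashlib.sha256(der).hexdigest().upper()
    return body, ":".join(digest[i:i + 2] for i in range(0, 64, 2))


def sample_paste():
    """Constructed input: 304 placeholder DER bytes (not a real certificate),
    wrapped with CRLF and stray blank lines as a text editor might leave them."""
    der = b"\x30\x82\x01\x2c" + bytes(300)
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\r\n" + "\r\n\r\n".join(lines)
            + "\r\n-----END CERTIFICATE-----\r\n")
```

A matching fingerprint shows that the pasted text is byte-for-byte the certificate the Identity Provider issued; it does not check the certificate's validity dates.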
