# SSO Setup

IT-Conductor supports SAML 2.0-based Single Sign-on.

### Understanding SAML Configuration

In SAML terms, there are two parties:

* **Identity Provider** - the system that authenticates users against your trusted enterprise credentials: Okta, Microsoft ADFS (Azure or on-prem), Google Workspace, AWS IAM Identity Center, etc.
* **Service Provider** - in this case IT-Conductor, which supports SSO with your Identity Provider so you don't need to maintain or remember a separate set of credentials.

### Configure Identity Provider

To configure Identity Provider, you will need the following IT-Conductor SAML information:

* **Entity ID**: <https://service.itconductor.com>
* **Assertion Consumer Service URL**: <https://service.itconductor.com/saml/acs>
* **Relay State URL**: <https://service.itconductor.com/home>
* **Logout URL**: <https://service.itconductor.com/saml/logout>

Depending on what type of Identity Provider you are configuring, use the links below. Otherwise, use vendor instructions and the information above.

* [Configuring Azure ADFS](/user-guide/setup/sso-setup/azure-adfs-identity-provider.md)
* [Configuring Okta](https://www.okta.com/integrations/it-conductor/)

When the Identity Provider configuration is complete, export the Identity (Federation) Metadata XML and/or copy the following attributes:

* Identity Provider Identifier
* Login URL
* Logout URL
* Certificate (Base64)

1. Visit [service.itconductor.com](https://service.itconductor.com/) and enter your login credentials.
2. Navigate to **Management → Security → SSO Identity Providers.**

<figure><img src="/files/ntLIYYX5l2mwXMrUlfp0" alt=""><figcaption><p>Figure 1: SSO Identity Providers Actions Panel (Empty List)</p></figcaption></figure>

3. If you have previously exported Identity Metadata XML, click ![](/files/2lEs4tLDnOVmhMN8FjuG) and import the file. This will create the new Identity Provider definition.
4. Alternatively, you can click <img src="/files/oqn8RL2g7n684ORCwtgx" alt="" data-size="line"> to create a new Identity Provider definition.

<figure><img src="/files/CDkbUHDNQmnSyshrqGqv" alt=""><figcaption><p>Figure 2: Create SAML Identity Provider Wizard</p></figcaption></figure>

5. Copy the previously saved values to the **Identity Provider Info** attributes as follows:

* **Name** - Unique Name - internal to IT-Conductor
* **Description** - Internally identifying information
* **Issuer** - Identity Provider Identifier
* **SSO URL** - Login URL
* **SLO URL** - Logout URL
* **Certificate** - exported base64 certificate

**Service Provider Info** attributes allow you to customize the mapping between Identity Provider and IT-Conductor. Normally you don't need to change anything, as the default mappings should work. Otherwise, contact the IT-Conductor Support Team for assistance.

6. Click <img src="/files/oqn8RL2g7n684ORCwtgx" alt="" data-size="line"> again to insert the Identity Provider.
7. Verify that the Identity Provider was added to the SSO Identity Providers actions panel.

<figure><img src="/files/kXKZUVYC7dctB4Ua5fZZ" alt=""><figcaption><p>Figure 3: SSO Identity Providers Actions Panel (Updated List)</p></figcaption></figure>

You can now use the SSO to log into IT-Conductor from your Identity Provider.
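The following is an added example, not IT-Conductor code: it reads an exported SAML 2.0 federation metadata file and returns the values for the **Issuer**, **SSO URL**, **SLO URL** and **Certificate** fields, which helps when you enter them by hand instead of importing the file. The function name, the `idp.example.test` URLs and the certificate text are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata (not a real IdP); the certificate body is a placeholder.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        AAAAPLACEHOLDER
        CERTBODYAAAA
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml/sso-post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idp_fields(metadata_xml):
    """Map IdP metadata to the Identity Provider Info fields (hypothetical helper)."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not a single-entity SAML 2.0 IdP metadata document")

    def endpoints(tag):
        # One entry per binding, so you can pick the one your IdP documents.
        return {e.get("Binding").rsplit(":", 1)[-1]: e.get("Location")
                for e in idp.findall("md:" + tag, NS)}

    certs = []  # more than one entry means the IdP is mid certificate rollover
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                certs.append("".join((c.text or "").split()))
    if not certs:
        raise ValueError("no signing certificate in metadata")
    return {"Issuer": root.get("entityID"),
            "SSO URL": endpoints("SingleSignOnService"),
            "SLO URL": endpoints("SingleLogoutService"),
            "Certificate": certs}
```
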

### How to update the SSO certificate in IT-Conductor

1. On the main menu, navigate to **Management → Security → SSO Identity Providers**.

{% hint style="info" %}
**Note:** Make sure you have an administrator role; otherwise, you won’t see this option.
{% endhint %}

<figure><img src="/files/mPQsgcTYnw29QBiOSAGT" alt=""><figcaption><p>Figure 4: SSO Identity Providers Option - Main Menu </p></figcaption></figure>

2. Click on the existing certificate entry

<figure><img src="/files/Kn4O0meKoASc8TM7xOBH" alt=""><figcaption><p>Figure 5: SSO Identity Providers </p></figcaption></figure>

3. Open the new certificate in a plain text editor and copy the text.
4. Paste the new certificate into the **Certificate** box, replacing the existing contents.

<figure><img src="/files/kXLKJKejRT8lSqGQ9FpQ" alt=""><figcaption><p>Figure 6: Update Certificate Wizard Screen</p></figcaption></figure>

{% hint style="info" %}
**Note:** Make sure that the certificate is pasted as a continuous, valid block and avoid accidental extra line breaks from editors like Notepad.
{% endhint %}

5. Click on the save <img src="/files/7y7XLw4Pq9rZ6qwlkvIp" alt="" data-size="line"> icon
6. To verify that the certificate has been updated, open a private/incognito browser session and perform a full SSO login through your normal portal entry point to confirm that the new certificate flow works end-to-end with IT-Conductor. Then confirm successful access after SAML authentication and check the logs, if available, to ensure that the login token and certificate validation succeed.
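A pre-paste check for the new certificate, as an added example that is not part of IT-Conductor: it strips PEM armor and editor line breaks, rejects stray characters and truncated pastes, and returns a single continuous Base64 string plus a SHA-256 fingerprint to compare with the one your Identity Provider displays. The function name and the sample bytes are constructed; the sample is a DER-shaped placeholder, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

# Constructed DER-shaped blob: SEQUENCE tag, 2-byte length (0x0100), 256 filler bytes.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
_b64 = base64.b64encode(SAMPLE_DER).decode()
# The same data as an editor might save it: PEM armor and CRLF line breaks.
SAMPLE_PASTE = ("-----BEGIN CERTIFICATE-----\r\n"
                + "\r\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
                + "\r\n-----END CERTIFICATE-----\r\n")


def normalize_certificate(pasted):
    """Return (continuous_base64, sha256_fingerprint); raise ValueError if damaged."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pasted)
    b64 = "".join(body.split())  # drop CR/LF, tabs and spaces
    try:
        der = base64.b64decode(b64, validate=True)  # rejects non-Base64 characters
    except binascii.Error as exc:
        raise ValueError("not valid Base64: %s" % exc)
    # Outer structure only: a certificate is one DER SEQUENCE whose declared
    # length covers exactly the remaining bytes. This catches cut-off pastes.
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] < 0x80:
        header, length = 2, der[1]
    else:
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported DER length encoding")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    digest = hashlib.sha256(der).hexdigest().upper()
    return b64, ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
```
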


