Configuring SAML SSO for JitBit

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and JitBit.

Prerequisites

1. Log in to ADSelfService Plus as an administrator.
2. Navigate to  Configuration > Self-Service > Password Sync/Single Sign On > Add Application, and select JitBit from the applications displayed.
   Note: You can also find the application that you need from the search bar located in the left pane or the alphabet-wise navigation option in the right pane.
3. Click IdP details at the top-right corner of the screen.
4. In the pop-up that appears, copy the Entity ID and Login URL, and download the SSO certificate by clicking on the Download X.509 Certificate link.

JitBit (Service Provider) configuration steps

1. Login to JitBit portal with an administrator’s credentials.
2. Navigate to Administration > General Settings > Enable SAML 2.0 single sign on.



3. Navigate to Enable SAML 2.0 single sign on.



1. Enter the Login URL copied in step 4 of the prerequisites in the Login URL field.
2. Open X.509 certificate downloaded in step 4 of the prerequisites as a text file. Copy and paste the content it in the Certificate (Base 64) text field.
3. Enter the Entity ID copied in step 4 of the prerequisites in the Entity ID field.
4. Enable the Redirect users to the identity provider automatically when SAML enable button if you want your users to sign-in to JitBit only with ADSelfService Plus SSO. If not, provide the SAML login button text, which will be shown as a login button on the JitBit login page. Users will be
4. Make note of the Reply URL from the JitBit UI. We will need this during subsequent steps.



5. Click the SAML metadata URL link to open the JitBit SAML metadata. Locate the AssertionConsumerService parameter and copy it.



6. Click Save Changes.

ADSelfService Plus (Identity Provider) configuration steps

1. Now, switch to ADSelfService Plus’ JitBit configuration page.



2. Enter the Application Name and Description.
3. In the Assign Policies field, select the policies for which SSO need to be enabled.
   Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.
4. Select Enable Single Sign-On.
5. Enter the Domain Name of your JitBit account. For example, if you use johndoe@thinktodaytech.com to log in to JitBit, then thinktodaytech.com is the domain name.
6. Enter your JitBit subdomain in the Subdomain field.
7. Enter the Reply URL copied in step 4 of the SP configuration in the Assertion Consumer Service URL field.

Note: If the JitBit metadata copied in step 5 of the SP configuration contains multiple Assertion Consumer URLs, click the + button next to the text field and add each of them.

8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.
Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.
9. Click Add Application.

Your users should now be able to sign in to JitBit through ADSelfService Plus.

Note: For JitBit, both SP and IDP initiated flows are supported.