ConnectWise - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for ConnectWise using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with ConnectWise, ensure you meet the following requirements:
- ConnectWise admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in ConnectWise are registered in your IdP and have the necessary permissions to access ConnectWise.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
ConnectWise - SSO configuration
Prepare ConnectWise SSO
- Log into your ConnectWise dashboard.
- On the bottom-left, click on System.
- Select Set Up Table.
- In the Table search bar, type SSO.
- Click on SSO Configuration, then click on + to add a new SSO entry.
- Complete the following fields:
| Field | Value |
|---|---|
| Description | Multi-Pass |
| SSO Type | SAML |
| Locations | Choose based on user location for SSO |
- Leave the window open and open a new one for Multi-Pass.
Access Multi-Pass and Client Configuration
- Select the right deployment, then open the Advanced Console.
- In the left menu, go to Clients, and choose one of the following:
- Import client (if you already have the ConnectWise metadata file), or Create client manually
- You can download the metadata file from ConnectWise here: https://<SITE_NAME>/v4_6_release/auth/<COMPANY_ID>/metadata
- Complete the different fields: Basic Client Info
| Field | Value |
|---|---|
| Name | ConnectWise |
| Description | SSO Integration |
| Always display in UI | ON |
| Client Type | SAML |
| Encrypt Assertions | OFF |
| Client Signature Required | OFF |
- Please verify the next fields to be well completed :
- Settings Tab
| Field | Value |
|---|---|
| Valid Redirect URIs | https://<SITE_NAME>/v4_6_release/auth/<COMPANY_ID>/Acs |
| Name ID Format | |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
| Sign Assertions | ON |
- Keys tab
- Both elements need to be switched off
- Advanced Tab
- Make sure Assertion Consumer Service POST Binding URL as been completed by the metada file and is the same than Valid redirect URIs
- Click on Save
- Get x.509 Certificate, go to Realm Settings.
- Click on the Keys tab.
- On the line RS256, click Certificate.
- Copy the content and save it as a .pem file.
Complete ConnectWise Configuration
- Fill in the remaining fields in ConnectWise:
| Field | Value |
|---|---|
| Login URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml |
| Identity Provider ID | https://ca.auth.kzero.com/realms/<TENANT_NAME> |
| Certificate | Upload the .pem file created from MPAS |
- Click Save
Confirm SSO Is Working
- Go to System > Members.
- Select a user from an SSO-enabled location.
- Scroll down to the Authentication section.
- Confirm that SAML SSO is enabled.
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Rocket.chat - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Rocket.chat using MPAS. SSO simplifies user authentication by allowing access to multiple ...SuperOps - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for SuperOps using MPAS. SSO simplifies user authentication by allowing access to multiple ...Auvik - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Auvik using MPAS. SSO simplifies user authentication by allowing access to multiple ...HaloPSA - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for HaloPSA using MPAS. SSO simplifies user authentication by allowing access to multiple ...