Acceptto MFA for ConnectWise Manage

Introduction

ConnectWise Manage is a business management software that helps people go from separate systems to complete control. Acceptto integrates with ConnectWise Manage via its SAML solution. Single Sign-On (SSO) Multi-Factor Authentication (MFA) ensures the convenience of cloud SSO without its potential security risks.

Pre-requisites
  1. An Acceptto Appliance connected to your user directory (for example Microsoft Active DirectoryTM).
  2. The user population that is going to be authenticated via SAML must be enrolled in the It'sMe Application.
  3. A user with administrative privileges for ConnectWise Manage.
  4. A user with administrative privileges for the Acceptto Appliance.
Acceptto SAML Configuration as Identity Provider (IdP)
  1. Login to the Acceptto Appliance admin panel with an administrative account and go to Applications.
  2. Create a new application by selecting the Create New Application.
  3. Appliance create application
  4. In the Add Application dialog, enter the following values:
    • App Name - The application name displayed in the admin panel and application portal. For example, ConnectWise Manage
    • Issuer or Entity ID – The Issuer/EntityID of your ConnectWise Manage instance. For example, https://connectwise.example.com
    • Sign in URL - The link used by your users to access the ConnectWise Manage. For example, https://connectwise.example.com
    • Metadata URL - The URL containing metadata about your ConnectWise Manage instance. For example, https://connectwise.example.com/{release}/auth/{companyId}/metadata
  5. Click Save to create the Application.
  6. Select the Show ID Provider Data and copy the certificate shown on this page.
  7. Show id provider
Configure ConnectWise Manage as a Service Provider (SP)
  1. Before you begin, ensure that you have an Administrative user in a location that is not subject to the Acceptto MFA. This user will allow you to login back to your instance if there are any issues with the configuration.
  2. Login to your ConnectWise Manage instance and go to System > Authentication:
  3. Select New SSO Configuration by pressing the “+” control; a new SSO provider configuration screen will be shown:
  4. Configure the fields using the following data:
    • Login URL: Sign-in URL you got earlier from Acceptto SAML Appliance. For example, https://saml.example.local/saml/auth
    • Identity Provider ID: The originator of the authentication, in line with the above example: https://saml.example.local/saml
    • Identity Provider Certificate: Upload the X.509 certificate file you got from Acceptto SAML Appliance earlier.
    • Location: Select the locations where the newly configured IdP will be used. Remember to exclude the location of at least one Admin so that you may regain access to the instance in case there is a misconfiguration.
Test your setup
  1. Access your company’s ConnectWise Manage instance and type a username that is in a location that has SAML enabled and click Login. Please note that the screen changes to display “Single Sign-On is enabled. Please log in.
  2. The user is redirected to the Acceptto SAML page.
  3. After successful authentication, you’ll see the Acceptto MFA options and need to select your desired method.
  4. Finally, the user will be redirected to the ConnectWise Manage console.
  5. If the login is successful, you can now edit your SAML configuration to add the remaining locations.
  6. If the login fails, login to ConnectWise Manage with a user that is an Administrator. In a location that is not subject to MFA, check if the SAML configuration parameters match your appliance.
  7. In the unlikely case your instance remains inaccessible please contact ConnectWise Support to unlock access to your instance. Contact Acceptto Support for further assistance with your SAML configuration.
Support

If you require assistance, please email us at support@acceptto.com

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a Demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the Acceptto Corporation.

ConnectWise is either registered trademarks or trademarks of ConnectWise, Inc. and/or one or more of its subsidiaries in the United States and/or other countries.