Multi-Factor Authentication (MFA/2FA) for Jitbit

Last updated on October 16, 2024

Overview

The purpose of this document is to enable Rublon Two-Factor Authentication (2FA) for users logging in to Jitbit. In order to achieve that, you have to use Rublon Access Gateway. All required steps will be described in this document.

Supported Authentication Methods

Authentication Method	Supported	Comments
Mobile Push	✔	N/A
WebAuthn/U2F Security Key	✔	N/A
Passcode	✔	N/A
SMS Passcode	✔	N/A
SMS Link	✔	N/A
Phone Call	✔	N/A
QR Code	✔	N/A
Email Link	✔	N/A
YubiKey OTP Security Key	✔	N/A

Before you start

You need to install and configure Rublon Access Gateway itself before configuring Jitbit to work with it. Please read the Rublon Access Gateway documentation and follow the steps in Installation and Configuration sections. Afterwards, follow the Configuration section in this document.

Configuration

Follow these steps to enable Rublon 2FA in Jitbit.

Jitbit

1. Log in to Jitbit Helpdesk as administrator.

2. Select the Administration tab.

3. Click General settings.

4. Navigate to the bottom of the page and click Enable SAML 2.0. single sign on.

5. Fill in the form. Refer to the following image and table.

EndPoint URL	Copy the value of SSO URL from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway). Append the following string: `?spentityid=https%3A%2F%2Fwww.jitbit.com%2Fweb-helpdesk%2F` Your final EndPoint URL might look like the following: `https://example.com.pl/saml2/idp/SSOService.php?spentityid=https%3A%2F%2Fwww.jitbit.com%2Fweb-helpdesk%2F`
x509 certificate	Download the certificate from Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE. Open the downloaded certificate in a text editor. Copy the entire contents and paste it into the text field.
Entity ID	Enter the value of Entity ID from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway).
SAML login button text	Login via Rublon

Note

We recommend you keep Redirect users to the identity provider automatically when SAML enabled disabled at least until you tested logging in to Jitbit with Rublon 2FA.

Once you tested logging in to Jitbit with Rublon 2FA and everything worked, you can get back to this form and enable Redirect users to the identity provider automatically when SAML enabled.

When Redirect users to the identity provider automatically when SAML enabled is enabled, every member, including admins, must use Rublon 2FA.

Rublon Access Gateway

1. In Rublon Access Gateway, go to Applications → Add application.

2. Fill in the form and click SAVE to add a new application. Refer to the following image and table.

Application name	Enter a name for the application, e.g. Jitbit. The name will be displayed during Rublon 2FA.
Entity ID	https://www.jitbit.com/web-helpdesk/
Assertion Consumer Service	https://example.jitbit.com/helpdesk/Saml/Consume Note: Replace example with the name of your subdomain in Jitbit.
Single Logout Service	https://www.jitbit.com/
NameID format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
NameID attribute	mail
Send Attributes	NameID
Signature algorithm	sha-256
Validate Authn Request	Uncheck.
Sign response	Check.
Certificate for signing	Select the certificate you have downloaded from Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE.

Log in to Jitbit with Rublon 2FA

1. Go to https://example.jitbit.com/helpdesk/User/Login. Replace example with the name of your subdomain in Jitbit.

2. Click Login via Rublon.

3. You will be redirected to the Rublon Access Gateway login page.

4. Provide your username and password. Click SIGN IN. A window will appear with a selection of various 2FA options from Rublon. Let’s choose Mobile Push.