Active Directory

 

You can configure to authenticate the requester login with the active directory (AD). On configuring AD authentication, if there are any changes made in the password made in AD, the same is reflected in ServiceDesk Plus. So the requesters can login using the login name and password of the system.

 

Note: Please ensure that before you start configuring the AD Authentication, you have already imported the requesters. Only if a user account is available in ServiceDesk Plus application, it will authenticate the password for that user account from the active directory. Hence, when none of the users have been imported from the active directory, the authentication cannot be done for the user account.

 

To configure the Active Directory Authentication,

  1. Log in to the ServiceDesk Plus application using the user name and password of a ServiceDesk Plus administrator.

  2. Click the Admin tab in the header pane.

  3. In the Users block, click the Active Directory Authentication icon. Here you can enable or disable active directory authentication. By default the AD authentication will be disabled.

  4. If you have already imported requesters from the any of the domains in your network, then click Enable button.

Even after enabling Active Directory (AD) Authentication, if you would like to bypass the AD Authentication, then in the application login screen, you need to select Local Authentication from the Domain list box after entering the login name and password, and then click Login button to enter ServiceDesk Plus.

 

Configure Pass - through Authentication

On enabling single sign-on, ServiceDesk plus directly authenticates your windows system user name and password. Hence you need not login over again to enter into ServiceDesk plus or remember too many passwords.

ServiceDesk Plus Pass through Authentication uses NTMLV2 which provides better security and validates the credentials using NETLOGON service.

  1. Enabling Active Directory, activates the Pass-through authentication (Single Sign-on) option.

  2. If you like to activate single sign - on, select the Enable Pass-through Authentication (Single Sign-On) option.

  3. You can enable Pass-through authentication for users from a particular domain. To do so, select the Domain Name from the drop down list. Enabled domain should be two way trusted. 

  4. Specify the DNS Server IP of the domain in the provided field.

  5. To use the NTLM security provider as an authentication service a computer account needs to be created in the Active Directory with a specific password. Specify a unique name for the Computer Account and Password for this account.

  6. The Bind String parameter must be a fully qualified DNS domain name or the fully qualified DNS hostname of a particular AD server.

  7. Save the authentication. You will get a confirmation message on the authentication.

Upon saving the details, a new computer account will be created on the Active Directory (with the help of VB Script). If the user specifies existing computer accountname, the password specified here will be reset on the Active Directory for the computer account. User can choose to reset the password of computer account by clicking on the Reset Password link as well.

Even if there is a problem creating Computer Account or Resetting Password of already created Computer Account using VB script from SDP server(upon save, the script will be called automatically) , the details specified here will be saved and user can execute the script locally on the AD server specifying the same details to create computer account / reset password.

If there is an issue with computer account creation, user can specify an already created computer account name and reset password of that computer account with the help of reset password script.

 

Importing Requesters from Active Directory

If you have not yet imported requesters from any of the domains, you can import them by clicking Import Requesters from Active Directory link. The Import From Active Directory window pops up.

  1. From the list of domains that are listed in the Domain Name drop-down box, select the domain name in which the active directory from which you wish to import is installed. If the other details such as domain controller name, user name, and password have already been entered in the Domain scan page, then that will be populated automatically. Else, enter the name of the domain controller in the Domain Controller Name field, login name and password in the corresponding fields.

  2. You also have an option to select the fields to be imported from Active Directory. To do this, enable the check box beside the default fields namely, Phone, Department, Job Title, Mobile, Site Name and E-mail. Specify the field name configured in Active Directory for the selected fields.

    Say, if "Phone" is configured as "telephoneNumber" in active directory, then enter telephoneNumber in the text field provided. The unselected fields are not imported. This is to avoid over ridding of the new values by the old values from the directory.

  3. Apart from the default fields, you can also Import Requester Additional Field details from the active directory. If you have not configured any requester additional fields, then select Click here to configure link. This takes you to Requester - Additional Field page, from where you need to configure the additional fields to be imported from Active Directory. The configured requester additional fields - Text, Numeric and Date/Time fields, appear in Import from Active Directory window indicated in the colors Blue, Green and Red respectively. Enable the check box beside the requester additional fields to import, and specify the field name configured in active directory beside the selected field. The unselected fields are not imported.
     

    Field Name

    Field Type

    Distinguished Name (DN) in Active Directory

    Description

    Email Address

    Text

    mail

    Email Address of the requester

    Country Code

    Numeric

    countryCode

    Country Code of the requester

    Last Log on

    Date/Time

    lastLogon

    Last Logged on date/time of the requester.

Note:

1. To configure the date format according to your Active Directory settings, update the entry in globalconfig table as, globalconfig set paramvalue ="Date-Format", where category ="AD_DATEFORMAT" and parameter="UDF_DATE". Restart the application to reflect the changes.

2. The numeric additional fields hold up to 19 digits. If your numeric value exceeds 19 digits, then configure the value in text field.

  1. If the site associated to the user/department is changed in Active Directory, then the assets belonging to the user/department should be moved to the new site. To update this information on every import, enable Move associated assets check box. De-selecting this check box will not move the asset to the new site.

  2. Click Import Now. The import wizard displays the various Organizational Units (OUs) available in that domain. Choose the specific Organizational Unit from which you wish to import users by selecting the check box beside it.

  3. Click Start Importing. Once the import is complete, the data on how many records were added, how many overwritten, and how many failed to import will be displayed.

 

Schedule AD import

You have an option to schedule Active Directory import in specified number of days. When you schedule an Active Directory Import, data from all the domains available in the application is imported at the specified number of days.

  1. Select the Schedule AD import check box. Specify the number of days in the text box. The requester details gets imported automatically once in specified number of days.

  2. Click saveADSync button to be in sync with the active directory.

ServiceDeskPlus - Help Desk and Asset Management Software

Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine