# Configuring Enterprise Ticketing Systems in PAM360

PAM360 provides administrators with the flexibility to integrate a variety of enterprise ticketing systems, enabling streamlined validation of service requests for privileged access. By integrating these ticketing systems, PAM360 extends access control workflow capabilities by granting approvals to password access requests upon automatic validation of corresponding service requests in the ticketing system. This ensures compliance with organizational security standards, minimizes unauthorized access risks, and simplifies audit trails for privileged account activities.

With PAM360, you can configure both on-premises and cloud-based ticketing solutions to align with your IT service management (ITSM) processes. Whether your organization uses ServiceDesk Plus, ServiceNow, Jira Service Desk, or BMC Remedyforce, PAM360 allows seamless integration with these platforms, offering robust support for incident and service request management.

In this document, you will learn how to configure and integrate the following ticketing systems with PAM360:

1. [Integrating ManageEngine ServiceDesk Plus](#Integrating_ManageEngine_ServiceDesk_Plus)
2. [Integrating ManageEngine ServiceDesk Plus Cloud](#Integrating_ManageEngine_ServiceDesk_Plus_Cloud)
3. [Integrating ManageEngine ServiceDesk Plus MSP](#Integrating_ManageEngine_ServiceDesk_Plus_MSP)
4. [Integrating ServiceNow](#Integrating_ServiceNow)
5. [Integrating Jira Service Management On-Premises](#Integrating_Jira_Service_Management)
6. [Integrating Jira Service Management Cloud](#Integrating_Jira_Service_Management_Cloud)
7. [Integrating BMC Remedyforce](#Integrating_BMC_Remedyforce)
8. [Integrating BMC Helix ITSM](#Integrating_BMC_Helix_ITSM)
9. [Integrating TOPdesk](#Integrating_TOPdesk)
10. [Integrating GLPI](#Integrating_GLPI)
11. [Integrating Salesforce Service Cloud](#Integrating_Salesforce_Service_Cloud)
12. [Ticketing System Validation Enforcement and Exceptions](#Ticketing_System_Validation_Enforcement_and_Exceptions)

**Additional Detail**

For custom or other ticketing system integration with PAM360, refer to this [help document](https://www.manageengine.com/privileged-access-management/help/custom-ticketing-systems.html).

## 1. Integrating ManageEngine ServiceDesk Plus

PAM360 facilitates integration with ManageEngine ServiceDesk Plus by validating change request in addition to the ticket ID entered by the user in the ticketing system. Validation occurs only when the change ID provided is approved in ManageEngine ServiceDesk Plus.

To integrate ManageEngine ServiceDesk Plus with PAM360 as a ticketing system, perform the below steps:

1. Log in to ManageEngine ServiceDesk Plus.
2. Click **API Key Generation** under **Username** at the top-right corner of the page.
3. Copy the generated key and log in to the PAM360 web interface.
4. Navigate to **Admin >> Integrations >> Ticketing System**.
5. On the page that appears, click the **Enable** button in the ManageEngine ServiceDesk Plus tile.
6. In the pop-up window that appears, enter the copied key in the **Technician Key** field.
7. In the **Ticketing System URL** field, enter the URL of the ServiceDesk Plus server (for example, **https://dnsname:port**).  
![ticketing-system-config1](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config1.webp)
8. Tick the **Use ChangeID for Validation** checkbox to make users provide valid Change IDs for the validation of password access requests and other similar operations. If the checkbox is disabled, users have to submit valid Request IDs for validation.
9. Tick the **Add the recorded RDP session link to the ChangeID description** checkbox if you want to add the link of recorded RDP session to the ChangeID description.
10. Click the **Enable** button to complete configuring the ticketing system integration. Then, click the **Refresh** icon at the top-right corner of the page to make the changes appear.

Now, the ManageEngine ServiceDesk Plus ticketing system has been integrated successfully.

## 2. Integrating ManageEngine ServiceDesk Plus Cloud

PAM360 integrates with ManageEngine ServiceDesk Plus Cloud to automatically validate access requests with a valid ticket ID to grant privileged access. The ServiceDesk Plus Cloud ticketing system integration involves three stages:

- [Generating Client ID and Client Secret](#Generating_Client_ID_and_Client_Secret)
- [Configuring ServiceDesk Plus Cloud Ticketing System](#Configuring_ServiceDesk_Plus_Cloud_Ticketing_System)
- [Authorizing ServiceDesk Plus Cloud Integration](#Authorizing_ServiceDesk_Plus_Cloud_Integration)

### 2.1 Generating Client ID and Client Secret

1. Go to the Zoho [Developer Console](https://api-console.zoho.com/).
2. Select the **Client Type** as **Server-based Application**.
3. Enter the following details:
   1. **Client Name:** The name of your application you want to register with ManageEngine ServiceDesk Plus Cloud (PAM360 is advisable).
   2. **Home page URL:** Mention the PAM360 access URL. For example: https://\<hostname\>:port/ or https://\<domain_name\>.com
   3. **Authorized Redirect URIs:** \<Home_page_URL\>/sdpodAuth/saveSDPODRefreshAndAccessTokens
4. Click **Create** to generate the following credentials:
   1. **Client ID:** The consumer key generated from the connected application.
   2. **Client Secret:** The consumer secret generated from the connected application.

With the Client ID and Client Secret copied from the developer console, go to the PAM360 web interface and perform the ServiceDesk Plus Cloud ticketing system configuration.

### 2.2 Configuring ServiceDesk Plus Cloud Ticketing System

1. Navigate to **Admin >> Integrations >> Ticketing System**.
2. Click **Enable** under **ManageEngine ServiceDesk Plus Cloud**.  
![ticketing-system-config2](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config2.webp)
3. Enter the **Client ID** and **Client Secret** that you copied earlier.
4. Mention the **Ticketing System URL** and the **Redirect URL**.

**Caution**

1. If there are multiple portals available in the ServiceDesk Plus Cloud, enter the **Ticketing System URL** with the relevant portal name. For example, **https://sdpondemand.manageengine.com/app/<itdesk>**
2. Mention the Home page URL from the previous step as the **Redirect URL**.

5. Click **Enable** to complete the configuration and enable the ServiceDesk Plus Cloud ticketing system.  
![ticketing-system-config3](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config3.webp)

The ServiceDesk Plus Cloud configuration has been saved successfully.

### 2.3 Authorizing ServiceDesk Plus Cloud Integration

1. On the **Ticketing System** page, click the **Refresh** icon at the top-right corner for the changes to appear.
2. Click the red icon at the top-left corner of the **ManageEngine ServiceDesk Plus Cloud** tile to authorize the integration.  
![ticketing-system-config4](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config4.webp)
3. In the UI that appears, **Accept** the consent form to access the data.

**Caution**

Only users with a **technician role** in the **Ticketing System** should **Accept** the above request to view and validate the tickets.

![ticketing-system-config5](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config5.webp)
![ticketing-system-config6](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config6.webp)

4. Click **OK** to exit the GUI and click the **Refresh** icon again for the changes to appear.  
![ticketing-system-config7](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config7.webp)

ServiceDesk Plus Cloud has been configured successfully as a ticketing system in PAM360.

## 3. Integrating ManageEngine ServiceDesk Plus MSP

PAM360 supports integration with ManageEngine ServiceDesk MSP to automatically validate access requests to privileged access only with a valid ticket ID.

1. Log in to ManageEngine ServiceDesk Plus MSP.
2. Click **API Key Generation** under **Username** at the top-right corner of the page.
3. Copy the generated key and log in to the PAM360 web interface.
4. Navigate to **Admin >> Integrations >> Ticketing System**.  
![ticketing-system-config8](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config8.webp)
5. Click the **Enable** button for ServiceDesk Plus MSP.
6. Enter the copied key in the **Technician Key** field.
7. Enter the URL of the ServiceDesk Plus MSP server (for example, **https://dnsname:port**) in the **Ticketing System URL** field.

Now, the ManageEngine ServiceDesk Plus MSP ticketing system has been integrated successfully.

## 4. Integrating ServiceNow

By integrating ServiceNow with PAM360, organizations can automate the validation of service requests for privileged access.

**Caution**

Ensure that you have the ServiceNow login credentials ready before integrating it with PAM360.

To configure ServiceNow ticketing system in PAM360:

1. Navigate to **Admin >> Integrations >> Ticketing System**.
2. Click the **Enable** button on the ServiceNow tile.
3. Click **Generate** beside the **AUTH Token** field.
4. Enter the ServiceNow login credentials.  
![ticketing-system-config9](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config9.webp)
5. Enter the ServiceNow server URL (for example, **https://instance.servicenow.com**) in the **Ticketing System URL** field.
6. Click **Enable**.

Click the **Refresh** icon to apply changes.

The following are some ServiceNow ticket ID formats:

- ServiceNow Incident - INC(7 digit number) eg) INC0010007
- ServiceNow Change - CHG(7 digit number) eg) CHG0000003
- ServiceNow Change Task - CTASK(7 digit number) eg) CTASK0000009
- ServiceNow Request - REQ(7 digit number) eg) REQ0010004
- ServiceNow Request Item - RITM(7 digit number) eg) RITM0010007
- ServiceNow Problem - PRB(7 digit number) eg) PRB0000007
- ServiceNow Project - PRJ(7 digit number) eg) PRJ0000009
- ServiceNow Project Task - PRJTASK(7 digit number) eg) PRJTASK0010001
- ServiceNow Task - TASK(7 digit number) eg) TASK0010001

## 5. Integrating Jira Service Management On-Premises

**Prerequisite**: Import the SSL certificate of the Jira Service Management server into the PAM360 certificate store. Refer to [FAQ question 11](https://www.manageengine.com/privileged-access-management/help/faq.html#tab12).

1. Log in to Jira Service Management with a Jira Administrator account.
2. Go to **Personal Access Tokens** from the profile section.
3. Click **Create Token**.
4. Enter:
   - **Token Name**
   - **Expiry**
5. Click **Create** and copy the token.
6. Navigate to **Admin >> Integrations >> Ticketing System** in PAM360.
7. Click **Enable** under Jira Service Management.
8. Enter:
   - **Personal Access Token**
   - **Ticketing System URL**
9. Click **Enable**.  
![jira-service-mangement-1](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/jira-service-management-1.webp)

## 6. Integrating Jira Service Management Cloud

The integration involves:

- [Generating Client ID and Client Secret](#Generating_Client_ID_and_Client_Secret)
- [Configuring Jira Service Management Cloud Ticketing System](#Configuring_Jira_Service_Management_Cloud_Ticketing_System)
- [Authorizing Jira Service Management Cloud Integration](#Authorizing_Jira_Service_Management_Cloud_Integration)

### 6.1 Generating Client ID and Client Secret

1. Go to the [Atlassian Developer Console](https://developer.atlassian.com/console/myapps).
2. Create an OAuth 2.0 integration.
3. Provide the application **Name** and click **Create**.
4. Configure **Permissions** → Jira API → Edit Scope → Select **View Jira Service Management Request Data**.
5. Add **Authorization** and specify Callback URL:  
   **https://<hostname>:<port>/jiraAuth/saveJiraAccessToken**
6. Under **Settings**, note the **Client ID** and **Client Secret**.

### 6.2 Configuring Jira Service Management Cloud Ticketing System

1. Navigate to **Admin >> Integrations >> Ticketing System**.
2. Click **Enable** on the Jira Service Desk tile.
3. Enter:
   1. **Client ID** and **Client Secret**.  
![ticketing-system-config10](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config10.webp)
   2. **Ticketing System URL** (for example, **https://instance.atlassian.net**)
   3. **Redirect URL**
4. Click **Enable**.

### 6.3 Authorizing Jira Service Management Cloud Integration

1. Click **Refresh**.
2. Click the red icon on the Jira tile.  
![ticketing-system-config11](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config11.webp)
3. Accept the consent form.  
![ticketing-system-config12](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config12.webp)

Jira Service Management Cloud has been configured successfully.

## 7. Integrating BMC Helix Remedyforce

To configure:

1. Navigate to **Admin >> Integrations >> Ticketing System**.
2. Click **Enable** in the BMC Remedyforce tile.
3. Enter:
   1. **Username** and **Password**.  
![ticketing-system-config13](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config13.webp)
   2. **Secret Key** (Security Token). Learn more [here](https://help.salesforce.com/s/articleView?id=xcloud.user_security_token.htm&type=5).
   3. **Salesforce Instance Name URL**.
4. Click **Enable**.

**Caution**

The **Ticketing System URL** should include the fully qualified Salesforce instance name URL.

## 8. Integrating BMC Helix ITSM

Ensure:

- REST API access is enabled.
- Read permission on HelpDesk form (HPD).
- Account is active.

Steps:

1. Navigate to **Admin >> Integrations >> Ticketing System**.
2. Click **Enable** under BMC Helix ITSM.
3. Enter:
   - **Username**
   - **Password**
   - **Ticketing System URL**
4. Click **Enable**.  
![bmc-helix-itsm-1](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/bmc-helix-itsm-1.webp)

## 9. Integrating TOPdesk

1. Log in to TOPdesk.
2. Go to **My Settings**.  
![topdesk-1](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/topdesk-1.webp)
3. Add an **Application Token**.  
![topdesk-2](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/topdesk-2.webp)
4. Copy the token.
5. Navigate to **Admin >> Integrations >> Ticketing System** in PAM360.
6. Click **Enable** under **TOPdesk**.
7. Enter:
   - **Personal Access Token**
   - **Ticketing System URL**
8. Click **Enable**.

## 10. Integrating GLPI

### 10.1 Enabling REST API Access in GLPI

1. Log in to GLPI.
2. Navigate to **Setup >> General >> API**.  
![glpi-1](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/glpi-1.webp)
3. Enable:
   - Enable Legacy REST API
   - Enable login with Credentials
4. Click **Save**.

### 10.2 Generating an App Token in GLPI

1. Add API client.  
![glpi-2](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/glpi-2.webp)
2. Enter details and click **+ Add**.  
![glpi-3](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/glpi-3.webp)

### 10.3 Generating a User Token in GLPI

1. Go to **My Settings**.
2. Copy or generate API token.  
![glpi-4](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/glpi-4.webp)

### 10.4 Configuring the Integration in PAM360

1. Navigate to **Admin >> Integrations >> Ticketing System**.
2. Click **Enable** under **GLPI**.
3. Enter:
   - **Application Token**
   - **API Token**
   - **Ticketing System URL**  
![glpi-5](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/glpi-5.webp)
4. Click **Enable**.

## 11. Integrating Salesforce Service Cloud

### 11.1 Creating an External Client Application in Salesforce

1. Log in to Salesforce.
2. Go to **Setup**.  
![salesforce-1](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/salesforce-1.webp)
3. Navigate to **External Client App Manager**.  
![salesforce-2](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/salesforce-2.webp)
4. Create new external app.  
![salesforce-3](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/salesforce-3.webp)
5. Enable OAuth and Client Credentials Flow.  
![salesforce-4](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/salesforce-4.webp)

### 11.2 Assigning a Run-As (Execution) User

1. Edit **Policies**.
2. Enable **Client Credentials Flow**.  
![salesforce-5](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/salesforce-5.webp)
3. Specify **Run As (Username)** and save.

### 11.3 Retrieving Consumer Key and Consumer Secret

1. Go to **Settings >> OAuth Settings**.
2. Retrieve **Consumer Key and Secret**.

**Caution**

Store credentials securely. Regenerate immediately if compromised.

### 11.4 Configuring Salesforce ITSM Details in PAM360

1. Navigate to **Admin >> Integrations >> Ticketing System**.
2. Click **Enable** under **Salesforce ITSM**.
3. Enter:
   - **Consumer Key**
   - **Consumer Secret**
   - **Ticketing System URL**
4. Click **Enable**.  
![salesforce-6](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/salesforce-6.webp)

## 12. Ticketing System Validation Enforcement and Exceptions

Once configured, ticketing validation is enforced globally. **Super administrators** are exempt by default.

Options available:

- [Selective Enforcement for Resource Groups](#Selective_Enforcement_for_Resource_Groups)
- [General Settings for Ticketing Validation](#General_Settings_for_Ticketing_System_Validation)
- [User Group-Specific Ticketing Settings](#User_Group-Specific_Ticketing_Settings)
- [Ticket ID Validation for Auto Approval Workflow](#Ticket_ID_Validation_for_Auto_Approval_Workflow)

### 12.1 Selective Enforcement for Resource Groups

1. Navigate to **Groups**.  
![ticketing-system-config14](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config14.webp)
2. Click **Bulk Configuration >> Configure Ticketing Settings**.

### 12.2 General Settings for Ticketing System Validation

- **Allow users to retrieve passwords without a ticket ID**.  
![ticketing-system-config15](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config15.webp)
- **Allow users to reset passwords without a ticket ID**.  
![ticketing-system-config16](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config16.webp)

### 12.3 User Group-Specific Ticketing Settings

Navigate to **User Groups** and configure ticketing validation rules as required.

### 12.4 Ticket ID Validation for Auto Approval Workflow

1. Navigate to **Resources** and configure **Auto Approval**.  
![ticketing-system-config17](https://cdn.manageengine.com/sites/meweb/images/privileged-access-management/help/ticketing-system-config17.webp)
2. Select **Approve access requests by validating service request ticket ID**.
3. Click **Save & Activate**.

For detailed instructions on access control workflow, click [here](https://www.manageengine.com/privileged-access-management/help/access-control-workflow.html#Auto_Approval).