How to configure SSO for ServiceDesk Plus

ADSelfService plus is an identity security solution with SSO capabilities. By enabling SSO for ServiceDesk Plus through ADSelfService Plus, help desk technicians need to log in just once and access the ServiceDesk Plus console, plus all the other enterprise applications they use. Additionally, through ADSelfService Plus, access to ServiceDesk Plus can be secured with MFA.

Advantages of ADSelfService Plus' SSO

• Reduce password fatigue: Free users from having to remember different usernames and passwords for their enterprise applications; once they log in to ADSelfService Plus, they'll be able to access other applications without going through the verification process.
• Implement multi-factor authentication: Secure application logins with 19 advanced authentication factors including biometrics, YubiKey, and Google Authenticator.
• Streamline application access: Provide one-click access to all applications from a single portal.
• Increase user adoption rate of applications: Witness increased usage of applications that foster productivity due to their ready availability in the ADSelfService Plus portal.

List of authenticators available in ADSelfService Plus

On enabling SSO between ServiceDesk Plus and ADSelfService Plus, ServiceDesk Plus account logons can be secured with advanced authentication methods, as listed below:

• Google Authenticator
• Fingerprint authentication
• Face ID Authentication
• YubiKey Authenticator
• Duo Security
• Microsoft Authenticator
• Time-based one-time passcodes (TOTPs)

For the complete list of authenticators, click here.

Steps to configure SSO for ServiceDesk Plus

The following steps will help you configure the single sign-on functionality between ADSelfService Plus and ServiceDesk Plus.

Prerequisite

1. Download and install ADSelfService Plus if you have not already, and complete the basic setup.
2. Ensure that the ADSelfService Plus server can be accessed through an HTTPS Connection (Access URL must be configured as HTTPS).
3. Log in to ADSelfService Plus as an administrator.
4. Navigate to Configuration > Self-Service → Password Sync/Single Sign On → Add Application, and select ServiceDesk Plus from the applications displayed.
   Note: You can also find ServiceDesk Plus from the search bar located in the left pane or the alphabet-wise navigation option in the right pane.
5. Click IdP Details in the top-right corner of the screen.
6. In the pop-up that appears, copy the Login URL and Logout URL, which will be used during the configuration of ServiceDesk Plus.
7. Download the SSO certificate by clicking the Download X509-Certificate link.

   

ServiceDesk Plus (service provider) configuration steps

1. Log in to ServiceDesk Plus with administrator credentials.
2. Click on the Admin icon in the top-right corner.
3. Navigate to Users → SAML Single Sign On.

   

4. Under the Configuration tab, navigate to the Configure Identity Provider Details section.
5. In the Login URL field, paste the Login URL value copied in Step 5 of Prerequisites.
6. In the Logout URL field, enter the Logout URL value copied in Step 5 of Prerequisites.
   Note: The Logout URL is optional and can be skipped if single logout (automatically log out from ADSelfService Plus when logging out from ServiceDesk Plus) is not required. The Login URL and Logout URL values must be valid domain names. For example, URLs in the following formats are supported: selfservice.com or selfservice.in.
7. In the Name ID format drop-down field, select email address from the list.
8. In the Algorithm drop-down field, choose the option RSA_SHA256 from the list.
9. Click the Choose File button and select the file downloaded in Step 6 of Prerequisites to upload it.
10. Click Save.

    

11. After entering the identity provider details, toggle the button to enable SAML Single Sign-On.

    

12. If you want users to log in to ServiceDesk Plus only through SAML Single Sign-On, toggle the button to enable the Collapse the login form by default option. To allow users to choose between logging in with their credentials or SAML Single Sign-On, disable this option.
13. Copy the values of the Assertion Consumer URL and the Entity ID from the Service Provider Details section; these will be used later.

    

ADSelfService Plus (Identity Provider) configuration steps

1. Switch to ADSelfService Plus' ServiceDesk Plus configuration page.
2. Enter the Application Name and Description.
3. In the Assign Policies field, select the policies for which SSO needs to be enabled.
   Note: ADSelfService Plus allows you to create OU- and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
4. In the SAML section of the ServiceDesk Plus configuration page, select the Enable Single Sign-On check box.
5. In the Assertion Consumer URL field, enter the Assertion Consumer URL copied in Step 13 of ServiceDesk Plus configuration.
6. In the Entity ID field, enter the Entity ID value copied in Step 13 of ServiceDesk Plus configuration.
7. Click Add Application.

   

Your users should now be able to sign in to ServiceDesk Plus through the ADSelfService Plus portal.