Importing Requesters into ServiceDesk Plus Cloud using Provisioning App
The Provisioning App utility can be used to import Requesters into ServiceDesk Plus Cloud from your AD/LDAP. It can also be configured to run as a Scheduled Task in Windows to automatically add, update, disable or delete users from ServiceDesk Plus Cloud on a periodic basis.
User Management in ServiceDesk Plus Cloud is powered by Zoho. So, a Zoho account would be automatically created for each of the imported user.
- ServiceDesk Plus Cloud Technician credentials with SDAdmin and organization admin privileges.
- A verified domain in ServiceDesk Plus Cloud. You can add and verify your domain in Admin ---> Organization Details ---> Domain Details page in ServiceDesk Plus Cloud console.
- Knowledge of LDAP queries
- The Provisioning App utility is built over .NET Framework 4.5. So the app runs only on Windows systems and the .NET Framework must be available in the Windows system.
- Recent Windows operating systems have .NET Framework available by default. In case if this is not available, you can download it from here.
Requester Fields Imported
The following fields can be imported with the Provisioning App: Name, EMail, Phone, Mobile, Site, Department, Manager and Job Title. If you have configured any additional fields for the Requester, they can also be imported, if corresponding values are available in AD/LDAP. Department and Site will be automatically created, if the details are available in LDAP, and if the corresponding Department / Site is not present in ServiceDesk Plus Cloud.
How the Synchronization happens
The Provisioning App queries LDAP and gets a list of Users from LDAP.It then gets your organization's Users from Zoho accounts. Users are excluded based on the exclusion rules. The Provisoning App then compares the Users got from LDAP queries and Zoho and handles the following cases:
- The Users available in LDAP but not in Zoho: These users would be added to Zoho and then be added as Requesters in ServiceDesk Plus Cloud
- The Users available in Zoho, but not in LDAP : These users will be deleted or disabled in ServiceDesk Plus Cloud based on your sync preference selected in the tool
Since the Provisioning App adds or deletes users from your organization account in ServiceDesk Plus Cloud, it is important that you configure the LDAP queries and exclusion rules correctly in the app.
First determine the set of users you want to sync between your LDAP server and ServiceDesk Plus Cloud/Zoho. Configure LDAP queries in the Provisioning App tool so as to match only those users whom you want to import or sync. Here are a few examples:
1. To import /sync all users in your AD/LDAP, use the following:
Base DN : DC=zillum,DC=com
Query : (objectClass=user)
2. To import or sync all users in an Organization Unit (OU) named Texas, use the following:
Base DN : OU=Texas,DC=zillum,DC=com
Query : (objectClass=user)
3. To import or sync only the users in a specific ( example, “ITAdmin” ) department and belonging to Texas OU,use the following:
Base DN : OU=Texas,DC=zillum,DC=com
Query : (&(objectClass=user)(department=ITAdmin))
Default Zoho Password for Imported Accounts
- User Management in ServiceDesk Plus Cloud is powered by Zoho. So, a zoho account will be automatically created for each of the imported Requester.
- You can give a default password in the "Provision" tab. New Zoho Accounts to be created will have this as the password.
Please remember to note this down and inform your organization users. This password is needed to login if you are not using SAML Authentication.
- The default password will be set only for new Accounts that are going to be created. For accounts created already, password will not be changed during sync.Please ask your users to change this default password.
- If you are planning to use AD credentials to login please refer here.
Types of Synchronization
You can manually run the Provisioning App tool and select the sync option. It will show you the list of users to be added or deleted/disabled. You can select the users and sync them.
Before you start command-line sync, you must do the following:
- Run the Provisioning App tool and supply all details in it
- Select your sync option – whether to delete or disable users, when user is deleted in LDAP
- Simulate sync to see whether the tool correctly shows the list of users to be added or deleted
- Click on “Save settings for sync”, which will save all your options to a file
- Give this file as an argument for the ProvisioningApp.exe to start the sync process
Execute the following command to initiate the sync process:
ProvisioningApp.exe --action=sync --conf=C:\Users\Administrator\ZohoProvisioning\provisioning.conf --email@example.com
You can configure the above command in the Windows Task Scheduler for periodic sync'ing. An email wouldl be sent to the given address whenever new users are added or users are deleted/disabled. Emails would not be sent for any update to user details like Department or Site, etc.,
You can see the system log anytime in Admin page of ServiceDesk Plus Cloud console for details about requester add, update or delete.
For more details about configuring scheduled sync, please refer here.
Import from Multiple Domains
You can use a Global Catalogue to query multiple domains in a single forest. Instead of "LDAP://", you can give "GC://" in the Provisioning tool. This way you can search the Global Catalog and do an import or sync of all the users in same forest with ServiceDesk Plus Cloud.
You need to run the Provisioning tool multiple times to import users from multiple forests.
There is no option to sync users from multiple forests.
Using Logs to Troubleshoot
If you face any problem during import or sync, please send us the log files. The log files will be generated in Windows User Profiles directory. e.g., C:\Users\Administrator.Domain\ZohoProvisioning\logs
Sequence of Steps for Requester Import using the Provisioning App
1. Provide the Verified domain name and click Authorize.
2. Click the link in Step 2 to open it in your browser.
3. Log in to your SDP Cloud account and click Accept button to provide permission for this app to work.
4. Provide the LDAP Connection details
5. Choose the operation and provide LDAP Queries and Exclusions as needed
- Remove logins for Requesters - This will remove the Logins of the Requester/Technician from the *Service Desk Instance. Users can continue to login to other Service Desk Instances and Zoho services.
- Disable Zoho Accounts - This will disable the Zoho accounts associated with the users. Users will not be able to login to any other Service Desk Instance or Zoho services.
- Delete Requesters - This will delete the Users (Requester/Technician) from the *Service Desk Instance. Users can continue to login to other Service Desk Instances and Zoho services.
- Delete Zoho Accounts - This will delete the Zoho accounts associated with the users. Users will not be able to use any other Service Desk Instance or Zoho services.
*Service Desk Instance - Even if you have multiple Service Desk Instances in the ESM Directory, the tool performs actions on the Service Desk Instance that is marked as "Default" by the Technician using the tool.
6. Provide the necessary attributes
7. Review the LDAP Query Results and click 'Finish'
8. The list of users imported is displayed
- Through the UI, you can add a maximum of 2000 users at once. User addition through Scheduled Sync is not limited to user count.
- Be it through UI or Scheduled Sync, you can delete or disable a maximum of 100 users at once.
- The email sent after a scheduled sync will contain a maximum of 1000 email addresses.