You can configure ServiceDesk Plus to authenticate requester logins against
Active Directory (AD). Once AD authentication is configured, any password
change made in AD is reflected in ServiceDesk Plus. So the requesters can
log in using the login name and password of

Note: Before you start configuring AD Authentication, ensure that you have
already imported the requesters. ServiceDesk Plus authenticates a password
against Active Directory only if the user account is available in the
ServiceDesk Plus application. Hence, when none of the users have been
imported from Active Directory, the authentication cannot be done for the
user account.
To configure the Active Directory Authentication,

Log in to the ServiceDesk Plus application using the user name and
password of a ServiceDesk

Click the Admin tab in the header pane.

In the Users block, click the Active Directory Authentication icon. Here
you can enable or disable Active Directory authentication. By default, AD
authentication is disabled.

If you have already imported requesters from any of the domains in your
network, click the Enable button.

Even after enabling Active Directory (AD) Authentication, if you would
like to bypass the AD Authentication, then in the application login screen,
enter the login name and password, select Local Authentication from the
Domain list box, and then click the Login button to enter
Configure Pass-through Authentication

On enabling single sign-on, ServiceDesk Plus directly authenticates
your Windows system user name and password. Hence you need not log in
again to enter ServiceDesk Plus or remember too many passwords.
ServiceDesk Plus Pass-through Authentication uses NTLMv2, which provides
better security, and validates the credentials using the NETLOGON service.

Enabling Active Directory authentication activates the Pass-through
authentication (Single Sign-On) option.

To activate single sign-on, select the Enable Pass-through Authentication
(Single Sign-On) option.
You can enable Pass-through authentication for users from a particular
domain. To do so, select the Domain Name from the drop-down list. Enabled
domain should be two way

Specify the DNS Server IP of the domain in the provided field.

To use the NTLM security provider as an authentication service, a computer
account needs to be created in Active Directory with a specific password.
Specify a unique name for the Computer Account and Password for

The Bind String parameter must be a fully qualified DNS domain name or the
fully qualified DNS hostname of a particular AD server.

authentication. You will get a confirmation message on the authentication.

Upon saving the details, a new computer account will be created in Active
Directory (with the help of a VB script). If the user specifies an existing
computer account name, the password specified here will be reset in Active
Directory for that computer account. The user can also reset the password
of the computer account by clicking the Reset Password link.

Even if there is a problem creating the computer account or resetting the
password of an already created computer account using the VB script from
the SDP server (the script is called automatically upon save), the details
specified here will be saved, and the user can execute the script locally
on the AD server, specifying the same details, to create the computer
account or reset its password.

If there is an issue with computer account creation, the user can specify
an already created computer account name and reset the password of that
computer account with the help of the reset password script.
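
A read-only pre-check to run before saving these settings, added here as an example (it is not ManageEngine's VB script): it assumes the RSAT ActiveDirectory module and uses constructed placeholder values for the Bind String, DNS Server IP and Computer Account. Because saving with an existing account name resets that account's password, it flags a name that already belongs to a machine with an operating system recorded in AD.

```powershell
# Added example: read-only checks before saving the pass-through (NTLM) settings.
# The three default values are constructed placeholders, not values from this page.
param(
    [string]$BindString      = 'dc01.corp.example.com',  # Bind String field
    [string]$DnsServerIp     = '192.0.2.10',             # DNS Server IP field
    [string]$ComputerAccount = 'SDP-SSO-01'              # Computer Account field
)
Import-Module ActiveDirectory -ErrorAction Stop

# The Bind String must be a fully qualified DNS name (domain or AD server),
# and it should resolve through the DNS server you are about to enter.
if ($BindString -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
    throw "Bind String '$BindString' is not a fully qualified DNS name."
}
Resolve-DnsName -Name $BindString -Server $DnsServerIp -ErrorAction Stop |
    Select-Object -First 3 Name, Type, IPAddress

# Computer accounts carry a trailing '$' in sAMAccountName.
$sam  = $ComputerAccount.TrimEnd('$') + '$'
$acct = Get-ADComputer -Filter "SamAccountName -eq '$sam'" -Server $BindString `
            -Properties Enabled, OperatingSystem, PasswordLastSet, LastLogonDate, whenCreated

if (-not $acct) {
    "OK: '$sam' is unused; saving the form will create it as a new computer account."
    return
}

# The name is taken. Saving will reset this account's password in AD, so show
# what it is before deciding whether it is safe to reuse.
$acct | Format-List DistinguishedName, Enabled, OperatingSystem,
                    PasswordLastSet, LastLogonDate, whenCreated

if ($acct.OperatingSystem) {
    # A populated OperatingSystem attribute means a real machine joined with this
    # name; resetting its password would break that machine's domain trust.
    Write-Warning "'$sam' belongs to a domain-joined machine. Choose a different, unique name."
} else {
    "'$sam' exists with no operating system recorded; saving will reset its password."
}
```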
Importing Requesters from Active Directory
If you have not yet imported requesters from any of the domains, you
can import them by clicking the Import Requesters from Active Directory
link. The Import From Active Directory window pops up.

From the Domain Name drop-down box, select the domain in which the Active
Directory you wish to import from is installed. If the other details such
as domain controller name, user name, and password have already been
entered in the Domain scan page, they are populated automatically.
Otherwise, enter the name of the domain controller in the Domain Controller
Name field, and the login name and password in the corresponding fields.

You also have an option to select the fields to be imported from Active
Directory. To do this, enable the check box beside the default fields,
namely Phone, Department, Job Title, Mobile, Site Name and E-mail. Specify
the field name configured in Active Directory for the selected fields.
For example, if "Phone" is configured as "telephoneNumber" in Active
Directory, enter telephoneNumber in the text field provided. The unselected
fields are not imported. This avoids overriding the new values with the
old values from the directory.

Apart from the default fields, you can also import Requester Additional
Field details from Active Directory. If you have not configured any
requester additional fields, select the Click here to configure link. This
takes you to the Requester - Additional Field page, where you configure the
additional fields to be imported from Active Directory. The configured
requester additional fields (Text, Numeric and Date/Time) appear in the
Import From Active Directory window in blue, green and red respectively.
Enable the check box beside the requester additional fields to import, and
specify the field name configured in Active Directory beside the selected
field. The unselected fields are not imported.
Distinguished Name (DN) in Active Directory
Email Address of the requester
Country Code of the requester
Last Log on
Last Logged on date/time of the requester.
1. To configure the date format according to your Active Directory settings,
update the entry in the globalconfig table as: update globalconfig set
paramvalue='Date-Format' where category='AD_DATEFORMAT' and
parameter='UDF_DATE'; Restart the application to reflect the
2. The numeric additional fields hold up to 19 digits. If your numeric value exceeds 19 digits, then configure the value in a text field.
If the site associated with the user/department is changed in Active
Directory, then the assets belonging to the user/department should be moved
to the new site. To update this information on every import, enable the
Move associated assets check box. If this check box is de-selected, the
assets are not moved to the new site.

Click Import Now. The import wizard displays the various Organizational
Units (OUs) available in that domain. Choose the specific Organizational
Unit from which you wish to import users by selecting the check box beside
it.

Click Start Importing.

Once the import is complete, the number of records added, overwritten, and
failed to import is displayed.
Schedule AD import
You can schedule the Active Directory import to run once every specified
number of days. When you schedule an Active Directory import, data from
all the domains available in the application is imported at that interval.

Select the Schedule AD import check box. Specify the number of days in the
text box. The requester details get imported automatically once in specified number
button to be in sync with the active directory.