Importing Requesters into ServiceDesk Plus On-Demand using Provisioning App
The Provisioning App utility can be used to import Requesters into ServiceDesk Plus On-Demand from your AD/LDAP. It can also be configured to run as a Scheduled Task in Windows to automatically add, update, disable or delete users from SDP On-Demand on a periodic basis.
User Management in ServiceDesk Plus On-Demand is powered by Zoho. So, a Zoho account would be automatically created for each of the imported user.
- ServiceDesk Plus On-Demand account with organization admin credentials.
- A verified domain in SDP On-Demand. You can add and verify your domain in Admin ---> Organization Details ---> Domain Details page in ServiceDesk Plus On-Demand console.
- Knowledge of LDAP queries
- The Provisioning App utility is built over .NET Framework 4.5. So the app runs only on Windows systems and the .NET Framework must be available in the Windows system.
- Recent Windows operating systems have .NET Framework available by default. In case if this is not available, you can download it from here.
Requester Fields Imported
The following fields can be imported with the Provisioning App: Name, EMail, Phone, Mobile, Site, Department, Manager and Job Title. If you have configured any additional fields for the Requester, they can also be imported, if corresponding values are available in AD/LDAP. Department and Site will be automatically created, if the details are available in LDAP, and if the corresponding Department / Site is not present in SDP On-Demand.
How the Synchronization happens
The Provisioning App queries LDAP and gets a list of Users from LDAP.It then gets your organization's Users from Zoho accounts. Users are excluded based on the exclusion rules. The Provisoning App then compares the Users got from LDAP queries and Zoho and handles the following cases:
- The Users available in LDAP but not in Zoho: These users would be added to Zoho and then be added as Requesters in ServiceDesk Plus On-Demand
- The Users available in Zoho, but not in LDAP : These users will be deleted or disabled in ServiceDesk Plus On-Demand based on your sync preference selected in the tool
Since the Provisioning App adds or deletes users from your organization account in SDP On-Demand, it is important that you configure the LDAP queries and exclusion rules correctly in the app.
First determine the set of users you want to sync between your LDAP server and SDP On-Demand/Zoho. Configure LDAP queries in the Provisioning App tool so as to match only those users whom you want to import or sync. Here are a few examples:
1. To import /sync all users in your AD/LDAP, use the following:
Base DN : DC=zillum,DC=com
Query : (objectClass=user)
2. To import or sync all users in an Organization Unit (OU) named Texas, use the following:
Base DN : OU=Texas,DC=zillum,DC=com
Query : (objectClass=user)
3. To import or sync only the users in a specific ( example, “ITAdmin” ) department and belonging to Texas OU,use the following:
Base DN : OU=Texas,DC=zillum,DC=com
Query : (&(objectClass=user)(department=ITAdmin))
Default Zoho Password for Imported Accounts
- User Management in SDP On-Demand is powered by Zoho. So, a zoho account will be automatically created for each of the imported Requester.
- You can give a default password in the "Provision" tab. New Zoho Accounts to be created will have this as the password.
Please remember to note this down and inform your organization users. This password is needed to login if you are not using SAML Authentication.
- The default password will be set only for new Accounts that are going to be created. For accounts created already, password will not be changed during sync.Please ask your users to change this default password.
- If you are planning to use AD credentials to login please refer here.
Types of Synchronization
You can manually run the Provisioning App tool and select the sync option. It will show you the list of users to be added or deleted/disabled. You can select the users and sync them.
Before you start command-line sync, you must do the following:
- Run the Provisioning App tool and supply all details in it
- Select your sync option – whether to delete or disable users, when user is deleted in LDAP
- Simulate sync to see whether the tool correctly shows the list of users to be added or deleted
- Click on “Save settings for sync”, which will save all your options to a file
- Give this file as an argument for the ProvisioningApp.exe to start the sync process
Execute the following command to initiate the sync process:
ProvisioningApp.exe --action=sync --conf=C:\Users\Administrator\ZohoProvisioning\provisioning.conf --email@example.com
You can configure the above command in the Windows Task Scheduler for periodic sync'ing. An email wouldl be sent to the given address whenever new users are added or users are deleted/disabled. Emails would not be sent for any update to user details like Department or Site, etc.,
You can see the system log anytime in Admin page of ServiceDesk Plus On-Demand console for details about requester add, update or delete.
For more details about configuring scheduled sync, please refer here.
Import from Multiple Domains
You can use a Global Catalogue to query multiple domains in a single forest. Instead of "LDAP://", you can give "GC://" in the Provisioning tool. This way you can search the Global Catalog and do an import or sync of all the users in same forest with SDP On-Demand.
You need to run the Provisioning tool multiple times to import users from multiple forests.
There is no option to sync users from multiple forests.
Using Logs to Troubleshoot
If you face any problem during import or sync, please send us the log files. The log files will be generated in Windows User Profiles directory. e.g., C:\Users\Administrator.Domain\ZohoProvisioning\logs
Sequence of Steps for Requester Import using the Provisioning App
1. Provide the ServiceDesk Plus On-Demand credentials
2. Provide the LDAP Connection details
3. Choose the operation and provide LDAP Queries and Exclusions as needed
4. Provide the necessary attributes
5. Review the LDAP Query Results and click ' Finish'
6. The list of users imported is displayed