AD Integration & Single Sign On Issues

1. Can we connect more than one ADFS to Service Desk Plus MSP Cloud?

In SDP MSP Cloud, only one Login URL can be configured for SAML Authentication, which means only one AD FS Server URL can be used. If you have multiple domains, you can have the AD FS server in one domain and configure trust relationships between the domains. This way, a single AD FS server will be able to authenticate users in multiple domains.

2. We use MS Office365 for our Exchange hosting, and our local domain does not have any email addresses configured. In Active Directory Users and Computers, will the user's email address be assigned to the Email field?

For SAML Authentication to work, the Email field should have a value for the users. (Your email may be hosted anywhere, but the field in AD must have the value of the user's email address.)

3. Can I use any other identity providers instead of AD FS 2.0?

We support the SAML 2.0 protocol, so you can use any standard Identity Provider that supports SAML 2.0. As a reference implementation, we have given instructions for AD FS 2.0 (which requires Windows Server 2008 + IIS). However, you can use any other SAML 2.0 Identity Provider with any web server.

4. Do you need a certificate from a centrally assigned authority or can it be self-signed?

The certificate can be a self-signed one or you can have a valid certificate from a CA. It’s your choice. If you use a self-signed certificate, your users will see a certificate error in the browser, since the user's browser will be redirected to the SSO URL for authentication.

5. Can ServiceDesk Plus On-Demand work with the same AD FS server configured for Office365?

If you already have AD FS configured for Office 365, please click here for configuring AD FS and follow the instructions available in the following pages:
  Page 19 to 46
  Page 49

6. How to enable Integrated or Passthrough authentication instead of providing username and password in the Login form?

Please perform the steps listed below so that you will no longer be asked to enter the username and password in IE.
  1. Edit the web.config file present in the C:\inetpub\adfs\ls directory using WordPad.
  2. Under <localAuthenticationTypes>, rearrange the entries so that Integrated authentication comes first.
  3. E.g.,
       <localAuthenticationTypes>
         <add name="Integrated" page="auth/integrated/" />
         <add name="Forms" page="FormsSignIn.aspx" />
         <add name="TlsClient" page="auth/sslclient/" />
         <add name="Basic" page="auth/basic/" />
       </localAuthenticationTypes>
  4. Save and quit WordPad.
Now try to access our service through your custom URL using Internet Explorer.
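
The reordering in steps 1 to 4 can also be scripted. The PowerShell below is an added example, not ManageEngine or Microsoft code; it assumes the default web.config path given in step 1 and keeps a timestamped backup before saving.

```powershell
# Added example (not vendor code): make "Integrated" the first entry under
# <localAuthenticationTypes> in the AD FS sign-in site's web.config.
# Needs write access to the file, so run it from an administrative session.
$ErrorActionPreference = 'Stop'

# Path taken from step 1 above; change it if your installation differs.
$configPath = 'C:\inetpub\adfs\ls\web.config'

# Keep a timestamped copy so the edit can be rolled back.
$backupPath = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -LiteralPath $configPath -Destination $backupPath

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true      # leave the rest of the file's layout alone
$xml.Load($configPath)

# XPath search, so the element is found wherever it sits in the file.
$types = $xml.SelectSingleNode('//localAuthenticationTypes')
if ($null -eq $types) {
    throw "No <localAuthenticationTypes> element found in $configPath"
}

$integrated = $types.SelectSingleNode("add[@name='Integrated']")
if ($null -eq $integrated) {
    throw 'No <add name="Integrated" ... /> entry to move'
}

$first = $types.SelectSingleNode('add[1]')
if ($first.GetAttribute('name') -eq 'Integrated') {
    Write-Output 'Integrated is already first; file left unchanged.'
    Remove-Item -LiteralPath $backupPath
}
else {
    # InsertBefore moves a node that is already part of the document.
    [void]$types.InsertBefore($integrated, $first)
    $xml.Save($configPath)
    Write-Output "Reordered. Backup saved as $backupPath"
}

# Print the resulting order for a quick visual check.
$types.SelectNodes('add') | ForEach-Object { $_.GetAttribute('name') }
```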

7. How to disable SAML Authentication?

The Organization Admin (usually the user who first signed up for SDP MSP Cloud) can log in to our service by visiting sdpondemand.manageengine.com instead of the customized domain. On the login page, instead of AD credentials, the SDP MSP Cloud credentials can be used (the password you used when you signed up).
  1. After logging in, go to the Setup > Apps & Add-Ons > SAML configuration page and delete the configuration.
  2. This will disable SAML Authentication.
  3. When you have imported users using the Provisioning App, you might have supplied a default password. Your org users can use this default password to log in. If they do not have a default password, they can click the “Forgot Password” link on the login page to receive a mail to generate a new password.
   
 
 
 
 
