Directory

Directory

The Directory tab in the customer details page allows you to configure Multi-Factor Authentication, service URL custom domain for the customer.

Contents:
  3. Configure Service URL for Requester Portal
  4. Add Domains

SAML Authentication 

SDAdmin/SDAccountManager can enable SAML authentication for the customer. This allows requesters of the customer to log in once to gain access to multiple applications without needing to re-enter credentials.
 
To configure SAML for a customer,
  1. Go to the Directory tab on the customer details page.
  2. Click Configure against SAML Authentication.
  1. On the pop-up displayed, fill in the identity provider information, including the login/logout URL and, and upload the certificate. Refer here to learn how to retrieve these details.
  2. Enter the , a unique identifier that is specific to your service. This is used to distinguish SAML requests and responses.
  3. You can also enable the Allow Signing of SAML Requests checkbox. This establishes trust between the identity provider and the application for secure authentication. It verifies the requester's identity and prevents unauthorized access to the application.
  4. After configuring the details, click Verify & Save.
You can view the SAML metadata under the Directory tab. Click Download Metadata displayed beside SAML Authentication to save the file.

The metadata file contains the assertion consumer service (ACS) URL, which is the endpoint for interacting with the application for login and logout from the IDP, as well as the public key for decrypting and verifying signatures sent from the application.

Service URL must be configured to download metadata.

 

Multi-Factor Authentication

SDAdmin/SDAccountManager can enable multi-factor authentication for the customer  to add an extra layer of security for the requesters of the customer.

You can enable/disable Multi-Factor Authentication under the Directory tab on the customer details page.

Enabling MFA for the customer will mandate all requesters of the customer to set up MFA during their first login.


Reset Multi-Factor Authentication for User:
When MFA is enabled, a Reset for User option will appear under the respective section. If a user loses their MFA device and do not have their backup verification codes, the admin can reset MFA for the user by clicking the option and entering the user's email address. The user can then reconfigure MFA during their next login.

 

 

Configure Service URL for Requester Portal  

Service URLs enable customers to access ServiceDesk Plus MSP Cloud's requester portal via a URL unique to the specific customer.

When a customer is created, a ServiceURL is created by default by the application. You can delete the Service URL and configure a Service URL for the customer in the Directory tab on the customer details page.

Customers who don't have a domain configured are represented with a  icon beside their name in the list view and a warning message on the customer details page.

Role Required: SDAdmin, SDAccountManager

Users in the customer organization can access a unique requester portal to raise requests to the MSP. When you configure a Service URL for a customer, the users within the company can access the requester portal using the URL. For example, users in the ACME company can use the URL "itsupport.acme.com" to access the requester portal. 


 Add a Service URL 

  1. Go to the Customers module.
  2. Click a customer to open the details page, and navigate to the Directory tab.
  3. In ServiceDesk Plus MSP Cloud, you can configure a Service URL either using your own custom domain or the service domain of the application.
    1. For custom domain:
      1. Under Domains, click Add Verified Domain
      2. Enter a domain name and click Add.  


CNAME record must be created before adding the verified domain. You can find the instructions for mapping CNAME details in the tool tip  next to Domains.
      1. Under Service URL, click New Service URL.
 If a service URL is already set up and you want to change it, click Delete against it to access the New Service URL button. 

When a Service URL is deleted, links sent to the users with the previous Service URL will not be accessible.
      1. To set a custom domain, select the Use Custom Domain radio button in the New Service URL pop-up and follow the steps mentioned here to create a CNAME record. 
      2. After a CNAME is created, enter the subdomain and select the verified domain from the drop-down. 

    1. To create a custom domain with the service domain, select the Use Custom Domain with Service Domain radio button in the New Service URL pop-up and specify the subdomain name in the text box displayed. 
 For example, if the service domain is sdpmsp.com, and you enter the prefix 'xyz', a subdomain `xyz.sdpmsp.com; will be created.   

The only special character allowed in the Service URL is a hyphen (-).  However, the Service URL cannot start or end with this special character.

 

 

  1. After entering the subdomain in the textbox, click Verify & Save. Learn more about verifying domains.

 

 Add Domains 

You can add verified domains for customers to perform the following:
  1. Configure a Service URL with the verified domain to access the requester portal.
  2. Add users with verified domain email addresses to the application without invitation.
To add a domain,
  1. Go to the Directory tab on the respective customer's details page.
  2. Under Domains, click Add Verified Domain

  1. Enter a domain name and click Add.  

 

A CNAME record must be created before adding the verified domain. You can find the instructions for mapping CNAME details in the tool tip next to Domains 

Follow the steps mentioned here to create a CNAME record.
Only special characters such as a period (.) and a hyphen (-) are allowed in the verified domain.  However, the domain name cannot start or end with special characters.

 

Verify Domains/Service URLs 

To add your own domain in ServiceDesk Plus MSP Cloud, you need to have a CNAME record configured in your DNS management page before adding the URL in the application.
If the CNAME record is not created in the DNS panel before adding the domain in ServiceDesk Plus MSP Cloud, an error will be shown. 

CNAME records are not required while creating a custom domain with the service domain.
 

To add a CNAME record,
  1. Log in to your domain-hosting site.
  2. Go to your DNS management page and create a CNAME record.
  3. Map the CNAME record to the appropriate destination mentioned in ServiceDesk Plus MSP Cloud. The destination will appear in the domain configuration pop-up window in the application as shown below:

SSL Certification  

After adding the domain in ServiceDesk Plus MSP Cloud, SSL Certificate will be automatically applied to secure your domain. Typically, service URLs are validated and SSL certification will be completed in 1 business day.

Once the SSL is certified and updated, the application will run only in HTTPS mode. We will implement the SSL certificate and enforce HTTPS for your custom domain using a multi-domain certificate on our servers.  

 While creating a subdomain with the service domain, SSL is verified by default for the service domain. 

Service URLs configured for customers cannot be added for custom service URLs in the ESM directory,  and vice versa.

The domain/subdomain will only work with its most recent CNAME record. If the CNAME mapping is altered in the DNS management page, the requester portal cannot be accessed via the Service URL. 

 

Remove a Custom Domain/Service URL 

To remove a custom domain for a customer, go to the Directory tab on the customer details page, and click beside the custom domain.

To delete a Service URL, go to the Directory tab on the customer details page, and click Delete against the Service URL configured. 


If the Service URL is configured with a custom domain, you need to delete the Service URL to delete the custom domain.

When a Service URL is deleted, links sent to the users with the previous Service URL will not be accessible. 

You cannot add or update Service URL/custom domains for inactive customers. You can only delete them.

    • Related Articles

    • Customers - Overview

      The Customers module lets you manage clients of the managed service provider (MSP). The MSP can maintain detailed records of all customers and their information, including associated solutions, advisory details, announcements, and more in the ...

    • Asset Auto Assign

      AssetExplorer Cloud allows you to automatically assign users to assets based on the last login information from one of the following scanning methods: Domain scan Network scan SCCM scan Manual scan Agent scan via Endpoint Central Asset Auto Assign is ...

    • Roles

      Roles define permissions that requesters and technicians require to access ServiceDesk Plus MSP Cloud and the modules within the application. Role Required: SDAdmin Technician Roles ServiceDesk Plus MSP Cloud comes with predefined roles that can be ...

    • View Customer Details

      To view the customer's details, Go to the Customers module. In the customer list view, click the name of a customer to open the details page. The following tabs are available on the customer details page: Details: Provides comprehensive details on ...

    • Onboard Customers

      You can add customers individually or import multiple customers at once in ServiceDesk Plus MSP Cloud. Role Required: SDAdmin The MSP may be handling IT services for numerous clients. Adding these clients to the application as customers helps in ...