Configuring SAML SSO for ManageEngine ServiceDesk Plus (On-premises)
The following steps will help you configure the single sign-on functionality between ADSelfService Plus and ServiceDesk Plus.
Prerequisites
1. Ensure that the ADSelfService Plus server can be accessed through an HTTPS connection (the Access URL must be configured as HTTPS).
2. Log in to ADSelfService Plus as an administrator.
3. Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select ServiceDesk Plus from the applications displayed.
   Note: You can also find ServiceDesk Plus from the search bar located in the left pane or the alphabet-wise navigation option in the right pane.
4. Click IdP Details in the top-right corner of the screen.
5. In the pop-up that appears, copy the Login URL and Logout URL, which will be used during the configuration of ServiceDesk Plus.
6. Download the SSO certificate by clicking the Download X509-Certificate link.
ServiceDesk Plus (service provider) configuration steps
1. Log in to ServiceDesk Plus with administrator credentials.
2. Click the Admin icon in the top-right corner.
3. Navigate to Users → SAML Single Sign On.
4. Under the Configuration tab, navigate to the Configure Identity Provider Details section.
5. In the Login URL field, paste the Login URL value copied in Step 5 of Prerequisites.
6. In the Logout URL field, enter the Logout URL value copied in Step 5 of Prerequisites.
   Note: The Logout URL is optional and can be skipped if single logout (automatically logging out of ADSelfService Plus when logging out of ServiceDesk Plus) is not required. The Login URL and Logout URL values must be valid domain names. For example, URLs in the following formats are supported: selfservice.com or selfservice.in.
7. In the Name ID format drop-down field, select email address from the list.
8. In the Algorithm drop-down field, choose the option RSA_SHA256 from the list.
9. Click the Choose File button and select the file downloaded in Step 6 of Prerequisites to upload it.
10. Click Save.
11. After entering the identity provider details, toggle the button to enable SAML Single Sign-On.
12. If you want users to log in to ServiceDesk Plus only through SAML Single Sign-On, toggle the button to enable the Collapse the login form by default option. To allow users to choose between logging in with their credentials or SAML Single Sign-On, disable this option.
13. Copy the values of the Assertion Consumer URL and the Entity ID from the Service Provider Details section; these will be used later.
ADSelfService Plus (Identity Provider) configuration steps
1. Switch to ADSelfService Plus' ServiceDesk Plus configuration page.
2. Enter the Application Name and Description.
3. In the Assign Policies field, select the policies for which SSO needs to be enabled.
   Note: ADSelfService Plus allows you to create OU- and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
4. In the SAML section of the ServiceDesk Plus configuration page, select the Enable Single Sign-On check box.
5. In the Assertion Consumer URL field, enter the Assertion Consumer URL copied in Step 13 of ServiceDesk Plus configuration.
6. In the Entity ID field, enter the Entity ID value copied in Step 13 of ServiceDesk Plus configuration.
7. In the Name ID Format field, choose the format for the user login attribute value specific to the application.
   Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.
8. Click Add Application.
Your users should now be able to sign in to ServiceDesk Plus through the ADSelfService Plus portal.
Note: For ServiceDesk Plus, both SP-initiated and IdP-initiated flows are supported.