Steps to configure SAML SSO for ManageEngine ServiceDesk Plus MSP

About ServiceDesk Plus MSP

ServiceDesk Plus MSP, a web-based ITSM suite for managed service providers, offers complete help desk, service desk, account, asset management, remote control, and reporting capabilities. It empowers service providers to offer services and support to multiple clients with centralized controls.

The following steps will help you enable single sign-on (SSO) for ServiceDesk Plus MSP from Identity360.

Prerequisites

  1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications. For more information, refer to pricing details.
  2. Log in to Identity360 as an Admin or Super Admin.
  3. Navigate to Applications > Application Integration > Create New Application, and select ServiceDesk Plus MSP from the applications displayed.
    Note: You can also find ServiceDesk Plus MSP from the search bar located at the top.
  4. Under the General Settings tab, enter the Application Name and Description.
  5. Under Choose Capabilities tab, choose SSO and click Continue.
    Identity360 application configuration general settingsGeneral settings of SSO configuration for ServiceDesk Plus MSP
  6. Under Integration Settings, navigate to the Single Sign On tab, click on Metadata Details.
    • Copy the Login URL and Logout URL, which will be used during the configuration of ServiceDesk Plus MSP.
    • Download the SSO certificate by clicking Download from the Signing Certificate field.
      Identity360 application configuration integration settingsIntegration Settings of SSO configuration for ServiceDesk Plus MSP

ServiceDesk Plus MSP (service provider) configuration steps

  1. Log in to ServiceDesk Plus MSP with admin credentials.
  2. Click the Admin icon in the top-right corner.
  3. Navigate to Users & Permission > SAML Single Sign On.
    ServiceDesk Plus MSP portal viewPortal view of ServiceDesk Plus MSP
  4. Under the SAML Single Sign On tab, click + New SAML Configuration.
    ServiceDesk Plus MSP Set up SSOConfiguration of SAML SSO from ServiceDesk Plus MSP
  5. Enter the name of the identity provider (Identity360) in the New SAML Configuration pop-up and click Create.
    ServiceDesk Plus MSP SAML configurationSAML configuration from ServiceDesk Plus MSP
  6. To associate accounts with this SAML configuration, select the preferred accounts using the Associated Accounts drop-down, under the Account Association section.
    Account association configuration from ServiceDesk Plus MSPAccount association configuration from ServiceDesk Plus MSP
  7. In the Login URL field, paste the Login URL value copied in step 6a of the prerequisites section.
  8. In the Logout URL field, enter the Logout URL value copied in step 6a of the prerequisites section.
    Note: The Logout URL is optional and can be skipped if single logout (i.e., automatically log out from ADSelfService Plus when logging out from ServiceDesk Plus MSP) is not required.
  9. In the Name ID format drop-down field, select Email Address from the list.
  10. In the Algorithm drop-down field, choose the option RSA_SHA256 from the list.
  11. Click the Choose File button and select the file (SSO certificate) downloaded in step 6b of the prerequisites section to upload it.
    IdP configuration detailsIdP configuration details from ServiceDesk Plus MSP
  12. Navigate to Additional Claims to create additional attributes that enable you to create a detailed user profile for dynamic users logging in via SAML. Provide attribute names for the identity provider to send the value for the corresponding application field and enable the fields that need to be imported.
  13. In the Default Fields section, you can change the values of:
    • Login Name as Email.
    • First name as FirstName.
    • Last Name as LastName.
  14. Click Save.
    Additional claims configuration from ServiceDesk Plus MSPAdditional claims configuration from ServiceDesk Plus MSP
  15. After entering the identity provider details, toggle the button to enable SAML Single Sign-On.
  16. If you want users to log in to ServiceDesk Plus MSP only through SAML Single Sign-On, toggle the button to enable the Collapse the login form by default option. To allow users to choose between logging in with their credentials or SAML Single Sign-On, disable this option.
    SP SSO enablementServiceDesk Plus MSP SSO enablement
  17. Copy the values of the Assertion Consumer URL and the Entity ID from the Service Provider Details section; these will be used later.
    ServiceDesk Plus MSP configuration detailsConfiguration details from ServiceDesk Plus MSP

Identity360 (identity provider) configuration steps

  1. Switch to Identity360's application configuration page.
  2. In the ACS URL field, enter the Assertion Consumer URL copied in step 17 of ServiceDesk Plus MSP configuration.
  3. In the Entity ID field, enter the Entity ID value copied in step 17 of ServiceDesk Plus MSP configuration.
  4. Click Save.
    Identity360 application configurationIntegration Settings of SSO configuration for ServiceDesk Plus MSP
  5. To learn how to assign users or groups to one or more applications, refer to this page.

Your users should now be able to sign in to ServiceDesk Plus MSP through the Identity360 portal.

Note: For ServiceDesk Plus MSP, both SP-initiated and IdP-initiated flows are supported.

Don't see what you're looking for?

  •  

    Visit our community  

    Post your questions in the forum.

     
  •  

    Request additional resources  

    Send us your requirements.