Steps to configure SAML SSO for ManageEngine ServiceDesk Plus MSP
About ServiceDesk Plus MSP
ServiceDesk Plus MSP, a web-based ITSM suite for managed service providers, offers complete help desk, service desk, account, asset management, remote control, and reporting capabilities. It empowers service providers to offer services and support to multiple clients with centralized controls.
The following steps will help you enable single sign-on (SSO) for ServiceDesk Plus MSP from Identity360.
Prerequisites
1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications. For more information, refer to pricing details.
2. Log in to Identity360 as an Admin or Super Admin.
3. Navigate to Applications > Application Integration > Create New Application, and select ServiceDesk Plus MSP from the applications displayed.
Note: You can also find ServiceDesk Plus MSP using the search bar located at the top.
4. Under the General Settings tab, enter the Application Name and Description.
5. Under the Choose Capabilities tab, choose SSO and click Continue.
General settings of SSO configuration for ServiceDesk Plus MSP
6. Under Integration Settings, navigate to the Single Sign On tab and click Metadata Details.
   a. Copy the Login URL and Logout URL, which will be used during the configuration of ServiceDesk Plus MSP.
   b. Download the SSO certificate by clicking Download from the Signing Certificate field.
Integration Settings of SSO configuration for ServiceDesk Plus MSP
ServiceDesk Plus MSP (service provider) configuration steps
1. Log in to ServiceDesk Plus MSP with admin credentials.
2. Click the Admin icon in the top-right corner.
3. Navigate to Users & Permission > SAML Single Sign On.
Portal view of ServiceDesk Plus MSP
4. Under the SAML Single Sign On tab, click + New SAML Configuration.
Configuration of SAML SSO from ServiceDesk Plus MSP
5. Enter the name of the identity provider (Identity360) in the New SAML Configuration pop-up and click Create.
SAML configuration from ServiceDesk Plus MSP
6. To associate accounts with this SAML configuration, select the preferred accounts from the Associated Accounts drop-down under the Account Association section.
Account association configuration from ServiceDesk Plus MSP
7. In the Login URL field, paste the Login URL value copied in step 6a of the prerequisites section.
8. In the Logout URL field, enter the Logout URL value copied in step 6a of the prerequisites section.
Note: The Logout URL is optional and can be skipped if single logout (i.e., automatically logging out from ADSelfService Plus when logging out from ServiceDesk Plus MSP) is not required.
9. In the Name ID format drop-down field, select Email Address from the list.
10. In the Algorithm drop-down field, choose RSA_SHA256 from the list.
11. Click the Choose File button and select the file (SSO certificate) downloaded in step 6b of the prerequisites section to upload it.
IdP configuration details from ServiceDesk Plus MSP
12. Navigate to Additional Claims to create additional attributes that enable you to create a detailed user profile for dynamic users logging in via SAML. Provide attribute names for the identity provider to send the value for the corresponding application field and enable the fields that need to be imported.
13. In the Default Fields section, you can change the values of:
    - Login Name as Email.
    - First Name as FirstName.
    - Last Name as LastName.
14. Click Save.
Additional claims configuration from ServiceDesk Plus MSP
15. After entering the identity provider details, toggle the button to enable SAML Single Sign-On.
16. If you want users to log in to ServiceDesk Plus MSP only through SAML Single Sign-On, toggle the button to enable the Collapse the login form by default option. To allow users to choose between logging in with their credentials or SAML Single Sign-On, disable this option.
ServiceDesk Plus MSP SSO enablement
17. Copy the values of the Assertion Consumer URL and the Entity ID from the Service Provider Details section; these will be used later.
Configuration details from ServiceDesk Plus MSP
Identity360 (identity provider) configuration steps
1. Switch to Identity360's application configuration page.
2. In the ACS URL field, enter the Assertion Consumer URL copied in step 17 of ServiceDesk Plus MSP configuration.
3. In the Entity ID field, enter the Entity ID value copied in step 17 of ServiceDesk Plus MSP configuration.
4. Click Save.
Integration Settings of SSO configuration for ServiceDesk Plus MSP
5. To learn how to assign users or groups to one or more applications, refer to this page.
Your users should now be able to sign in to ServiceDesk Plus MSP through the Identity360 portal.
Note: For ServiceDesk Plus MSP, both SP-initiated and IdP-initiated flows are supported.
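A post-configuration check, as an added example that is not part of the original page or ManageEngine's code: it compares a base64-decoded SAML response (for instance one copied from the browser's developer tools during a test login) with the settings chosen above, namely RSA_SHA256, the Email Address Name ID format, the Assertion Consumer URL and the Entity ID. The hosts, the entity ID and the sample response are constructed placeholders, and the script checks configured values only; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(xml_text, acs_url, entity_id):
    """Return the mismatches between a decoded SAML response and the SP settings."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the Assertion Consumer URL")
    algs = [m.get("Algorithm") for m in root.iterfind(".//ds:SignatureMethod", NS)]
    if not algs:
        problems.append("no ds:Signature found (response is unsigned)")
    elif any(a != RSA_SHA256 for a in algs):
        problems.append("signature algorithm is not RSA_SHA256")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not Email Address")
    if entity_id not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience does not contain the SP Entity ID")
    recipients = [c.get("Recipient")
                  for c in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("SubjectConfirmationData Recipient is not the ACS URL")
    return problems

# Constructed sample (placeholder hosts, signature values omitted), not captured traffic.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  xmlns:ds="{NS['ds']}" Destination="https://sdp.example.test/acs">
 <saml:Assertion>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="{RSA_SHA256}"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject>
   <saml:NameID Format="{EMAIL_FORMAT}">user@example.test</saml:NameID>
   <saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="https://sdp.example.test/acs"/>
   </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>sdp-msp-entity</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, "https://sdp.example.test/acs", "sdp-msp-entity"))
```

An empty list means the response matches the values entered in both products; each string in a non-empty list names the setting to recheck.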
Steps to enable MFA for ServiceDesk Plus MSP
Setting up MFA for ServiceDesk Plus MSP using Identity360 involves the following steps:
- Set up one or more authenticators for identity verification when users attempt to log in to ServiceDesk Plus MSP. Identity360 supports various authenticators, including Google Authenticator, Zoho OneAuth, and email-based verification codes. Click here for steps to set up the different authenticators.
- Integrate ServiceDesk Plus MSP with Identity360 by configuring SSO using the steps listed here.
- Now, activate MFA for ServiceDesk Plus MSP by following the steps mentioned here.
How does MFA for applications work in Identity360?