Integrating PAM360 with ManageEngine ServiceDesk Plus Cloud

By integrating PAM360 with ManageEngine ServiceDesk Plus (SDP) Cloud, technicians can access target endpoints for privileged sessions to resolve the issues easily. This integration ensures data security by eliminating the need to share sensitive passwords and allowing technicians to access remote systems directly from the ServiceDesk Plus Cloud portal with a single click. Administrators can ensure that only authorized technicians with the request have access to privileged accounts without sharing credentials. This integration also eliminates the need for technicians to switch between platforms constantly, enhancing efficiency and security in IT management workflows.

Required Roles in PAM360

Any of the below roles is required to perform the integration process:

  1. Privilege Administrator
  2. Administrator
  3. Password Administrator
  4. Any custom role with 'ManageEngine Integration' privilege enabled
At the end of this document you will learn about following process involved in integrating PAM360 with ServiceDesk Plus cloud

  1. Prerequisites
  2. Installing the Probe to Establish Communication between PAM360 and SDPOD
  3. Installing a PAM360 Extension to Integrate PAM360 with the ServiceDesk Plus Cloud
  4. How Do Technicians Benefit from the Integration?

1. Prerequisites

Before commencing the integration, verify if all of the below prerequisites are satisfied.

  1. Access to an active SDP Cloud portal for configuration.
  2. Technicians using SDP Cloud must also be PAM360 users with identical email ID on both platforms.
  3. Privileged resources present in the PAM360 application should be added as workstations under Assets >> IT >> Workstations in the ServiceDesk Plus Cloud.
    • The resource name of PAM360 and the workstation name of SDP cloud should be the identical (including case-sensitive) to make a privileged remote session from ServiceDesk Plus Cloud.
    • You can add the required resources from PAM360 to the SDP cloud, individually or in bulk, using the Import from CSV feature.
    sdpod-1
  4. SDP Cloud and PAM360 on-premise applications only communicates using probe, so a probe installation is required to establish the communication.
  5. Remember to copy the Authentication Token (Auth Token) generated during integration as it's specific to your ServiceDesk Plus Cloud instance.

2. Installing the Probe to Establish Communication between PAM360 and SDPOD

Since PAM360 is an on-premise application, a remote probe application must be installed on a server that resides in the LAN of the PAM360 server to connect with the cloud version of ServiceDesk Plus. To install a remote probe application in the PAM360 server, follow these steps:

  1. Log in to the ServiceDesk Plus Cloud application and navigate to Setup >> Probes & Discovery >> Probe.
  2. Click Add Probe to add a new probe for PAM360 integration.
  3. Provide the Probe Name as Pam Probe and click Add.
    sdpod-2
  4. Upon adding the probe, click Show Key and copy the probe key for further installation process.
  5. Now, download the probe using the Download Probe button from the top pane and execute the downloaded .msi file in the PAM360 server to install the probe.
  6. After successful installation, provide the probe key copied previously to register. If you are using a proxy server, then provide proxy server details such as proxy host and proxy port, proxy username, and password.
  7. Upon registering, the probe created in the ServiceDesk Plus cloud will become active for successful communication with the PAM360 server.
For more details on managing the Probe, refer to this ServiceDesk Plus cloud help document.

3. Installing a PAM360 Extension to Integrate PAM360 with the ServiceDesk Plus Cloud

Upon completing the probe installation, a further PAM360 extension installation in the SDP cloud is required to complete the integration process. To do so, perform the following steps:

  1. Log in to the PAM360 application and navigate to Admin >> Integrations >> ManageEngine.
  2. In the page that appears, you will see the ServiceDesk Plus Cloud block with an integration enabled or disabled.
  3. Sl. No: Button Definition

    1

    Enable

    You will see this option if the integration is disabled. Click this button and you will be notified with a pop-up to set up the integration from the SDP Cloud portal.

    2

    Edit

    Click this button, and the ServiceDesk Plus Cloud Integration window pops up for AUTH Token regeneration.

    3

    Disable

    You will see this option if the integration is enabled. Click this button to disable the integration.

  4. Click Enable to proceed with the integration process.
    sdpod-3
  5. In the dialogue box that opens, click Generate to generate the AUTH Token for the PAM360-ServiceDesk Plus integration.
  6. Copy the generated AUTH Token and click Save.
  7. Now, log in to the ServiceDesk Plus Cloud application and navigate to Setup >> Apps & Add-ons >> Extensions >> Installed Extensions.
  8. In the window that appears, look out for the ManageEngine PAM360 extension and Install it.
  9. Upon successful installation, go to the Installed Extension and click on the PAM360 extension to update the Extension Variables with the PAM360 information.
  10. In the window that appears, enter the AUTH Token copied from the PAM360 interface in the pam_authtoken field.
  11. Enter the PAM360 service URL in the pam_domain_url.
    sdpod-4
Now, you have successfully integrated PAM360 with the SDP cloud application.

4. How this Integration Benefits?

Vision - To streamline the remote session process and to ensure that the technician has immediate access to the relevant asset/endpoint required to address the user's request directly from the SDP cloud interface.

Scenario - A user in an organization creates a request in the IT service desk of the SDP cloud. While creating the request, the user mapped an asset (i.e., a privileged endpoint/machine) on which the request was to be handled.

Action After Request Creation - The request will automatically link the asset mapped by the user as a privileged resource for a remote session if it exists as a workstation in the SDP Cloud's asset section and as a resource in PAM360.

How this integration eases the technician for the above scenario?

To facilitate the necessary actions, such as troubleshooting/installation/maintenance, the technician requires privileged access to the target resource. With the active integration between PAM360 and SDP Cloud and the above-satisfied prerequisites, this is seamlessly achieved.

By navigating to the respective assigned request and selecting More Actions followed by Privileged Session, the technician can initiate a privileged remote session to the machine directly from the SDP cloud request interface. This integration not only enhances efficiency but also ensures secure and controlled access to critical resources, thereby empowering technicians to fulfill user requests effectively.
sdpod-5

Note: If a user submits a request to install several applications on a group of machines belonging to a privileged group but provides only the name of the group instead of specifying individual assets in the request, the administrator or technician must manually associate the required group of machines as the assets with the request to facilitate the necessary privileged remote sessions.


sdpod-6



Top