Service Manager powered by HEAT

About External Authentication Configuration

About Authentication Providers

Adding an Authentication Provider Manually

Setting Up Users for Authentication

About Authentication Providers

An authentication provider is a way of linking Ivanti Service Manager to a service that provides authentication services for you.

Use the Authentication Providers workspace to manage multiple authentication providers for user accounts with authentication credentials that were already established elsewhere.

There are two ways to add an authentication provider: either manually, as described in Adding an Authentication Provider Manually, and by using metadata, as described in Adding an Authentication Provider by Importing Metadata.

Adding an Authentication Provider Manually

1.From the Configuration Console, click Configure > Security Controls > Authentication Providers to open the Authentication Providers workspace.

2.From the New Record Menu drop-down list, choose an authentication provider:

Option Description
New ADFS/SAML

The customer web portal site acts as the SAML identity provider, and the Ivanti Service Manager web application server acts as the service provider. See Setting Up ADFS Authentication in Ivanti Service Manager.

New LDAP

You can employ multiple LDAP providers. See Setting Up External Authentication with LDAP.

New Open ID

Open ID providers (Open ID site, Google, Yahoo, etc.) perform the authentication. When logging into Ivanti Service Manager the first time, click the Open ID link. You are redirected to the Open ID site to authenticate. Upon authentication, you are redirected to Ivanti Service Manager. See Setting Up Authentication for Open ID. The system stores the cookie used for authentication, and subsequent login attempts skip the redirection.

New OpenID Connect

Creates an OpenID Connect for Google or Microsoft Azure. See Setting Up Authentication for OpenID Connect with Google and Service Manager powered by HEAT.

New Windows Integrated Allows you to directly set up AD authentication. See Configuration Method.

Setting Up Users for Authentication

After you create an external authentication provider, you can select it when creating and updating employee records.

Users can click a link on the Ivanti Service Manager login page that directs them to their identity provider website and log in from there, or they can use authentication to log in from an URL sent via email, as described in Logging In or Accessing Records Using URLs.

If a user does not have an employee record and if auto provisioning is selected in the authentication provider record, the system creates an employee record for the user when they log in via ADFS/SAML, Open ID, or OpenID Connect. See Setting Up Authentication for ADFS/SAML, Service Manager powered by HEAT, Service Manager powered by HEAT, and Service Manager powered by HEAT.

If you are creating only a few users, you can set the authentication provider by following these steps:

1.Log in to the Service Desk Console.

2.Open the Employee workspace. The system displays a list of employees.

3.Open the employee record to set up authentication for.

4.From the Details tab, check Enable External Auth.

5.For the Login for External Auth field, click Add new.... The system displays the New External Login dialog box.

6.Enter data into the fields.

Field Description

Login

The login ID for the tenant (UPN) on the domain. The the UPN (user principal name) of the Active Directory user from the ADFS server (for example, [email protected]).

Authentication Provider

The tenant ADFS that you created.

7.Click Save. The system closes the window.

8.Click Save.

9.Repeat this procedure for each user.

When setting up authentication, users must use their external authentication login when logging into Ivanti Service Manager, not their internal login ID.


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other