Service Manager

Home 

This is the latest version of the help for Ivanti Service Manager 2018. If you cannot find some of the features described in the help, you may be using an older version of the application. To upgrade the application, click here.
To view the help for the latest version of Service Manager, click here

About External Authentication Configuration

About Authentication Providers

Adding an Authentication Provider Manually

Setting Up Users for Authentication

About Authentication Providers

An authentication provider is a way of linking Service Manager to a service that provides authentication services for you.

Use the Authentication Providers workspace to manage multiple authentication providers for user accounts with authentication credentials that were already established elsewhere.

There are two ways to add an authentication provider: either manually, as described in Adding an Authentication Provider Manually, and by using metadata, as described in Adding an Authentication Provider by Importing Metadata.

Adding an Authentication Provider Manually

1.From the Configuration Console, click Configure > Security Controls > Authentication Providers to open the Authentication Providers workspace.

2.From the New Record Menu drop-down list, choose an authentication provider:

Option Description
New ADFS/SAML

The customer web portal site acts as the SAML identity provider, and the Service Manager web application server acts as the service provider. See Setting Up ADFS Authentication in Ivanti Service Manager.

New LDAP

You can employ multiple LDAP providers. See Setting Up External Authentication with LDAP.

New Open ID

Open ID providers (Open ID site, Google, Yahoo, etc.) perform the authentication. When logging into Service Manager the first time, click the Open ID link. You are redirected to the Open ID site to authenticate. Upon authentication, you are redirected to Service Manager. See Setting Up Authentication for OpenID . The system stores the cookie used for authentication, and subsequent login attempts skip the redirection.

New OpenID Connect

Creates an OpenID Connect for Google or Microsoft Azure. See Setting Up Authentication for OpenID Connect with Google and Setting Up Authentication for OpenID Connect with Microsoft Azure.

New Windows Integrated Allows you to directly set up AD authentication. See Configuration Method.

Setting Up Users for Authentication

After you create an external authentication provider, you can select it when creating and updating employee records.

Users can click a link on the Service Manager login page that directs them to their identity provider website and log in from there, or they can use authentication to log in from an URL sent via email, as described in Logging In or Accessing Records Using URLs.

If a user does not have an employee record and if auto provisioning is selected in the authentication provider record, the system creates an employee record for the user when they log in via ADFS/SAML, Open ID, or OpenID Connect. See Setting Up Authentication for ADFS/SAML, Setting Up Authentication for OpenID , Setting Up Authentication for OpenID Connect with Google, and Setting Up Authentication for OpenID Connect with Microsoft Azure.

If you are creating only a few users, you can set the authentication provider by following these steps:

1.Log in to the Service Desk Console.

2.Open the Employee workspace. The system displays a list of employees.

3.Open the employee record to set up authentication for.

4.From the Details tab, check Enable External Auth.

5.For the Login for External Auth field, click Add new.... The system displays the New External Login dialog box.

6.Enter data into the fields.

Field Description

Login

The login ID for the tenant (UPN) on the domain. The the UPN (user principal name) of the Active Directory user from the ADFS server (for example, [email protected]).

Authentication Provider

The tenant ADFS that you created.

7.Click Save. The system closes the window.

8.Click Save.

9.Repeat this procedure for each user.

When setting up authentication, users must use their external authentication login when logging into Service Manager, not their internal login ID.


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other