About External Authentication Configuration
An authentication provider links Service Manager to a service that performs authentication for you.
Use the Authentication Providers workspace to manage multiple authentication providers for user accounts with authentication credentials that were already established elsewhere.
There are two ways to add an authentication provider: either manually, as described in Adding an Authentication Provider Manually, or by using metadata, as described in Adding an Authentication Provider by Importing Metadata.
1. From the Configuration Console, click Configure > Security Controls > Authentication Providers to open the Authentication Providers workspace.
2. From the New Record Menu drop-down list, choose an authentication provider:
The customer web portal site acts as the SAML identity provider, and the Service Manager web application server acts as the service provider. See Setting Up ADFS Authentication in Ivanti Service Manager.
You can employ multiple LDAP providers. See Setting Up External Authentication with LDAP.
|New Open ID|Open ID providers (Open ID site, Google, Yahoo, etc.) perform the authentication. When logging into Service Manager the first time, click the Open ID link. You are redirected to the Open ID site to authenticate. Upon authentication, you are redirected to Service Manager. See Setting Up Authentication for OpenID. The application stores the cookie used for authentication, and subsequent login attempts skip the redirection.|
|New OpenID Connect|Creates an OpenID Connect for Google or Microsoft Azure. See Setting Up Authentication for OpenID Connect with Google and Setting Up authentication for OpenID Connect with Microsoft Azure.|
|New Windows Integrated|Allows you to directly set up AD authentication. See About Windows Integrated Security.|
After you create an external authentication provider, you can select it when creating and updating employee records.
Users can click a link on the Service Manager login page that directs them to their identity provider website and log in from there, or they can use authentication to log in from a URL sent via email, as described in Logging In or Accessing Records Using URLs.
If a user does not have an employee record and if auto provisioning is selected in the authentication provider record, the application creates an employee record for the user when they log in via ADFS/SAML, Open ID, or OpenID Connect. See Setting Up Authentication for ADFS/SAML, Setting Up Authentication for OpenID, Setting Up Authentication for OpenID Connect with Google, and Setting Up authentication for OpenID Connect with Microsoft Azure.
If you are creating only a few users, you can set the authentication provider by following these steps:
1. Log in to the Service Desk Console.
2. Open the Employee workspace. The application displays a list of employees.
3. Open the employee record for which you want to set up authentication.
4. From the Details tab, check Enable External Auth.
5. For the Login for External Auth field, click Add new.... The application displays the New External Login dialog box.
6. Enter data into the fields.
The login ID for the tenant (UPN) on the domain. The UPN (user principal name) of the Active Directory user from the ADFS server (for example, [email protected]).
The tenant ADFS that you created.
7. Click Save. The application closes the window.
9. Repeat this procedure for each user.
When external authentication is set up, users must use their external authentication login when logging in to Service Manager, not their internal login ID.