About External Authentication Configuration

About Authentication Providers

An authentication provider links Neurons for ITSM to an external service that performs authentication for you.

Use the Authentication Providers workspace to manage multiple authentication providers for user accounts with authentication credentials that were already established elsewhere.

There are two ways to add an authentication provider: manually, as described in Adding an Authentication Provider Manually, or by using metadata, as described in Adding an Authentication Provider by Importing Metadata.

Adding an Authentication Provider Manually

1. From the Configuration Console, click Configure > Security Controls > Authentication Providers to open the Authentication Providers workspace.

2. From the New Record Menu drop-down list, choose an authentication provider:

Option Description

New ADFS/SAML

The customer web portal site acts as the SAML identity provider, and the Neurons for ITSM web application server acts as the service provider. See Setting Up ADFS Authentication in Ivanti Neurons for ITSM.

New LDAP

You can employ multiple LDAP providers. See Setting Up External Authentication with LDAP.

New Open ID

Open ID providers (Open ID site, Google, Yahoo, etc.) perform the authentication. When logging into Neurons for ITSM the first time, click the Open ID link. You are redirected to the Open ID site to authenticate. Upon authentication, you are redirected to Neurons for ITSM. See Setting Up Authentication for OpenID. The application stores the cookie used for authentication, and subsequent login attempts skip the redirection.

New OpenID Connect

Creates an OpenID Connect authentication provider for Google or Microsoft Azure. See Setting Up Authentication for OpenID Connect with Google and Setting Up authentication for OpenID Connect with Microsoft Azure.

New Windows Integrated

Allows you to directly set up AD authentication. See About Windows Integrated Security.

Setting Up Users for Authentication

After you create an external authentication provider, you can select it when creating and updating employee records.

Users can click a link on the Neurons for ITSM login page that directs them to their identity provider website and log in from there, or they can use authentication to log in from a URL sent via email, as described in Logging In or Accessing Records Using URLs.

If a user does not have an employee record and if auto provisioning is selected in the authentication provider record, the application creates an employee record for the user when they log in via ADFS/SAML, Open ID, or OpenID Connect. See Setting Up Authentication for ADFS/SAML, Setting Up Authentication for OpenID, Setting Up Authentication for OpenID Connect with Google, and Setting Up authentication for OpenID Connect with Microsoft Azure.

If you are creating only a few users, you can set the authentication provider by following these steps:

1. Log in to the Service Desk Console.

2. Open the Employee workspace. The application displays a list of employees.

3. Open the employee record for which you want to set up authentication.

4. From the Details tab, check Enable External Auth.

5. For the Login for External Auth field, click Add new.... The application displays the New External Login dialog box.

6. Enter data into the fields.

Field Description

Login

The login ID for the tenant (UPN) on the domain. This is the UPN (user principal name) of the Active Directory user from the ADFS server (for example, [email protected]).

Authentication Provider

The tenant ADFS that you created.

7. Click Save. The application closes the window.

8. Click Save.

9. Repeat this procedure for each user.

Once external authentication is set up, users must log in to Neurons for ITSM with their external authentication login, not their internal login ID.