About external authentication configuration
• About authentication providers
• Adding an authentication provider manually
• Setting Up Users for Authentication
About authentication providers
An authentication provider is a way of linking Neurons for ITSM to a service that provides authentication services for you.
Use the Authentication Providers workspace to manage multiple authentication providers for user accounts with authentication credentials that were already established elsewhere.
There are two ways to add an authentication provider: manually, as described in Adding an authentication provider manually, or by using metadata, as described in Adding an Authentication Provider by Importing Metadata.
Adding an authentication provider manually
1. From the Configuration Console, click Configure > Security Controls > Authentication Providers to open the Authentication Providers workspace.
2. From the New Record Menu drop-down list, choose an authentication provider:
Option | Description |
---|---|
New ADFS/SAML | The customer web portal site acts as the SAML identity provider, and the Neurons for ITSM web application server acts as the service provider. Refer to Setting Up ADFS Authentication in Ivanti Neurons for ITSM. |
New LDAP | You can employ multiple LDAP providers. Refer to Setting Up External Authentication with LDAP. |
New Open ID | Open ID providers (Open ID site, Google, Yahoo, etc.) perform the authentication. When logging into Neurons for ITSM the first time, click the Open ID link. You are redirected to the Open ID site to authenticate. Upon authentication, you are redirected to Neurons for ITSM. Refer to Setting Up Authentication for OpenID. The application stores the cookie used for authentication, and subsequent login attempts skip the redirection. |
New OpenID Connect | Creates an OpenID Connect authentication provider for Google or Microsoft Azure. Refer to Setting Up Authentication for OpenID Connect with Google and Setting Up authentication for OpenID Connect with Microsoft Azure. |
New Windows Integrated | Allows you to directly set up AD authentication. Refer to About Windows Integrated Security. |
Setting Up Users for Authentication
After you create an external authentication provider, you can select it when creating and updating employee records.
Users can click a link on the Neurons for ITSM login page that directs them to their identity provider website and log in from there, or they can use authentication to log in from a URL sent via email, as described in Logging in or Accessing Records Using URLs.
If a user does not have an employee record and if auto provisioning is selected in the authentication provider record, the application creates an employee record for the user when they log in via ADFS/SAML, Open ID, or OpenID Connect. Refer to Setting Up Authentication for ADFS/SAML, Setting Up Authentication for OpenID, Setting Up Authentication for OpenID Connect with Google, and Setting Up authentication for OpenID Connect with Microsoft Azure.
If you are creating only a few users, you can set the authentication provider by following these steps:
1. Log in to the Service Desk Console.
2. Open the Employee workspace. The application displays a list of employees.
3. Open the employee record for which you want to set up authentication.
4. From the Details tab, check Enable External Auth.
5. For the Login for External Auth field, click Add new.... The application displays the New External Login dialog box.
6. Enter data into the fields.
Field | Description |
---|---|
Login | The login ID for the tenant (UPN) on the domain. This is the UPN (user principal name) of the Active Directory user from the ADFS server (for example, [email protected]). |
Authentication Provider | The tenant ADFS that you created. |
7. Click Save. The application closes the window.
8. Click Save.
9. Repeat this procedure for each user.
When external authentication is set up, users must use their external authentication login when logging into Neurons for ITSM, not their internal login ID.
This feature is Early Access only and may not be available in your environment. For more information, please contact your Customer Success Manager.
To set up users for a unified product experience using OIDC, refer to Setting up users for OIDC via Neurons Platform.