Creating the Web Applications
After you have created an Application Pool on the web server for your instance, you can create the IIS web applications that Service Desk and Asset Manager uses.
If you created your instance using the Standard Instance link (see Creating an instance), a single configuration of each of the available Applications will already have been created and prefixed with the instance name that you provided.
You can create the following applications:
- Service Desk Framework – the core application service for Ivanti Service Desk and Asset Manager, providing services to the Service Desk and Asset Manager applications
ALL Service Desk and Asset Manager systems need at least one Service Desk Framework – you cannot create the other applications until you have created one of these.
- Web Access – the web-based delivery platform for Ivanti Service Desk and Asset Manager
- BridgeIT – Ivanti's responsive web architecture, which provides Ivanti Workspaces
- Identity Server – a login authorization service that provides both Explicit and Token logon policies for internal systems
When you have created a web application, a Diagnostics links appear alongside it. This link enables you to configure diagnostic logging. For more information, see Diagnostic logging.
To create a Service Desk Framework or Web Access web application:
- In the Ivanti Configuration Center, open the required instance.
- Under the Available Applications heading, click Create alongside the required application.
The Create Application dialog appears. - Complete the fields on the dialog as detailed below:
Name – defaults to <instance.application>. This is used to generate the application's URL, which will be of the form https://<server>/Name.
Application Pool – the application pool that you want to add the application to.
Database Provider – displays the type of database you are using (SQL Server); use the other fields in the Database connection details group box to connect to your database.
Alternatively, select the Specify as connection string? check box and type the connection information, separating each element with a semi-colon. Refer to your data provider documentation for details about the connection string format. You may need to insert extra parameters for your database.
Click Test to ensure that the database exists, and that the user name and password are valid. If the test succeeds, then a connection exists; if it fails, then ensure that the details you provided are correct and the database is set up and working correctly, then click Test again.
Logon policy – enables you to specify the logon policy; for more information, see Setting the Logon policy and Setting up users to use integrated or secure token logon.
Command timeout (seconds) (Framework only) – specifies how long the Configuration Center will wait for an upgrade to complete.
Free text search index path – sets the path to the knowledge data.
Event Manager User Name (Framework only) – the system user account that you want Event Manager to use.
RSS Web Generator Author (Framework only) – the name of the author for the RSS Web Generator.
Detailed error information enabled (Web Access only) – enables the Further Details button on exception pages in Web Access. For security reasons, we recommend that this option is usually set to False.
Telephony enabled (Web Access only) – enables the telephony integration features of Service Desk in Web Desk. For more information, see Telephony Integration.
Make sure that the Free text search index path value for both the Service Desk Framework application and the Web Access application point to the same location. This ensures that your searches give the same results from both the Ivanti Console and Web Access applications.
Reports path (Web Access only) – sets the path to the reports that are used when users click in Web Access to print details of the Incident, Problem, Change, or Request that they have open. For more information, see Enabling printing of processes in Web Access.
Enable Custom CI Actions – enables or disables actions created from a collection on a CI from always appearing, so that it appears only at the statuses that you have specified. For more information, see Actions.
- If you are creating Framework application and you want to created a linked BridgeIT application, select the Create linked BridgeIT instance check box.
- When you have completed the fields above, click OK.
The Application is created, and the Configured Applications section updates.
When you have created a Service Desk Framework application, an Upgrade link appears, which starts the Metadata Manager. For more information, see Upgrading the Ivanti database.
You can, if required, set up your Application services on this server. However, we recommend that you create a separate Application Services server to run these services. For more information, see Setting up the Application Services Server.
If you set up an Application Services Server, make sure you have only one instance of each service running at any time. If you have a service running on your Application Services Server, make sure that it is not also running on your Web Server.
Creating a BridgeIT web application
The easiest way to create a BridgeIT web application to provide the Ivanti Workspaces application is to select the Create linked BridgeIT instance when you create a Framework application. If you create a BridgeIT application to provide Ivanti Workspaces separately, you need to enter the URL to the Framework application that you want to use in the LDSD Web API URL box.
There are also fields referring to LDMS, Avalanche, and AOD, which are used only if you are using BridgeIT with Ivanti Endpoint Manager, Avalanche, or Avalanche on Demand. Refer to the documentation provided with Ivanti Endpoint Manager and Avalanche for information about these fields.
Creating an Identity Server
Identity Server is a Secure Token Service that delivers OAuth2 and OpenID Connect tokens. It acts as a login authorization service that replaces the logon policy for BridgeIT. Using this service, you can utilize single sign in and federated authentication for internal systems.
End users obtain authorization to access resources via authentication redirection. Using this secret exchange, user clients obtain access tokens needed to use Workspaces.
For more information about setting the logon policy, see Setting the Logon policy.
To configure an Identity Server:
Set the following values:
Identity Server Secret – this is automatically generated by Configuration Center when the Identity Server application is created. If you create a new secret using Generate, this value must be added to BridgeIT, Framework, and Web Access applications as well.
LDSD Web API Url – identifies which framework to use for Web Access.
Allow Explicit Logins – allows users created within the Service Desk database to log in using their Service Desk credentials. A value of True means it will allow these users to log in, whereas False will not. We recommend setting this to True.
Allow Windows Logins – allows users to log in using their LDAP credentials. User credentials are pulled from your LDAP database.
When using both Endpoint Manager and Service Desk, we recommend enabling both Allow Explicit Logins and Allow Windows Logins to allow all login types.
User Consent Expiration (Days) – specifies how many days must pass before a user is required to give consent for using their login credentials on the Identity Server.