How pass through authentication works in ServiceDesk Plus

How Pass Through Authentication Works

NTLMV2 is a protocol supported by Microsoft in order to overcome the security issues of NTLMV1 and the same is implemented in ServiceDesk Plus.

What's the protocol defines?

When a service wants to initiate the Single-sign-on, first a secure channel has to be built with the domain controller and the same has to be used by the service for further authentication process with the ActiveDirectory. In a multi-domain environment, the service will have the secure connection with only one domain controller and the same will authenticate the users of the other domains using the trust relationship with that domain.

ServiceDesk Plus has implemented the secure channel to the Active Directory using the NETLOGON service via a computer account. For enabling a NetLogonservice that computer account requires a password.

NetLogonservice is the internal communication channel of Microsoft. One computer will create a unique identity in the domain and create some random password for the further communications within the domain. For eg, When the user tries to log in, the computer will produce its identity to the AD and then it tries to authenticate the user. The user accounts are used for access privileges and it cannot communicate with AD directly so we are using the computer account for NETLOGON. Since the password is generated randomly at the time of registering a computer under a domain and the same is not required to expose there is no option to reset password in the AD.



ServiceDesk Plus uses the VBScript to create a computer account and set the password for the same. If the same can be achieved by any other means, then that information can be used by the ServiceDesk Plus for Pass-through-authentication.

From 7600 version, ServiceDesk Plus Pass-through authentication uses NTMLV2 which provides better security and validates the credentials using NETLOGON service and NTLMV1 will no more be supported. When you do an upgrade from 7514 to 7600 version, PassThrough Authentication will be automatically disabled and you may have to reconfigure it, which requires a New computer account creation in theActive Directory. Further, the authentication of the Active Directory credentials is going to be authorized through this Computer Account.

                  New to ADSelfService Plus?

                    • Related Articles

                    • SSO - Single Sign on pass through - An illustrated config manual_NOT IN USE

                      NTLM SSO is discontinued. Only SAML SSO is supported. Refer here. Access Requirements: Direct access to the Domain Controller. Direct access to the ServiceDesk Plus server. Procedure: (As a best practice, I recommend you to do this activity directly ...
                    • How to redirect ServiceDesk Plus URL from HTTP to HTTPS

                      Follow the steps given below to set up the redirection from HTTP to HTTPS, For version 9.4 and above Step 1: Go to the below location and open the file 'server.xml' with a word pad and add the below entry in the file as shown in the image. ...
                    • Implementing secure gateway server for ServiceDesk Plus

                      As per the RBI guidelines, FOS and Secure Gateway Server features are mandatory for all hosted software used in the banking domain. We can achieve a service gateway server in the service desk plus by following the below steps: Steps to Integrate with ...
                    • Host ServiceDesk Plus on the Internet

                      In order to make ServiceDesk Plus available for users on Internet, let us assume the following scenarios. Scenario 1: ServiceDesk Plus is installed in LAN and should be available in LAN and WAN: Assume ServiceDesk Plus is installed on a server in the ...
                    • Syncing ServiceDesk Plus Change Calendar with Outlook Calendar

                      We’re excited to announce that we've developed a solution to help you sync the ServiceDesk Plus (SDP) Change Calendar with your Outlook Calendar! This feature has been highly requested by many of our customers. While we are working on a native ...