How to configuring Pass-Through Authentication ( SSO) in ServiceDesk Plus ?

How to configuring Pass-Through Authentication ( SSO) in ServiceDesk Plus ?

Note: If the login page is customized, Pass-Through authentication will not work as it can't make use of the session variables set in login.jsp file

The following instructions will help you to configure Pass-through authentication under Admin – Active Directory.

Select the checkbox to activate Single Sign-on.

Please choose the Domain name. You can enable Pass-through authentication for users from a particular Domain/AD forest. For authentication to happen for other domain users, the other domain should have a parent-child relation. In case of Parent-Child domain, only the parent domain should be selected here.

DNS Server IP

Specify the DNS Server IP of the domain in the provided field and to make sure you are entering the correct credentials for (3. DNS Server IP &5.Bind String) you may open a command prompt from the application server and execute ipconfig /all which will list the Primary DNS suffix which can be used as the Bind string and first IP-address under DNS servers can be used under DNS server IP. Refer to the screenshot below:

Bind String

The Bind String parameter must be a fully qualified DNS domain name or the fully qualified DNS hostname of a particular AD server.(The name found at the top of OU tree in the active directory.)

DNS Site

Find the site name under which the domain controller is mapped
the "Active Directory Sites and Services" from the domain-controller as shown below.

Computer Account

To use the NTLM security provider as an authentication service a computer account needs to be created in the Active Directory with a specific password which meets the password policy in the Active Directory.Specify a unique name for the Computer Account and Password for this account.

Note: Make sure that your password should comply the password policy of the domain. Then the computer account name should not be more than 12-characters and should not have any special characters in the same.

Note: An active user account cannot be specified as a computer account.

Upon saving the details, a new computer account will be created in the Active Directory (with the help of VB Script which will run in the background) and at the same time the details
 saved in the application database under a table named "
jespaconfiguration "

If you are specifying existing computer account name, the password specified here will be also be set on the Active Directory for that computer account. You can also choose to reset the password of computer-account by clicking on the Reset Password link as well.

If it throws an error while creating a Computer Account or resetting password (of an already created Computer Account) from the application, the details specified on the window will be saved in the application database and user can later execute the scripts locally on the AD-server specifying the same details (mentioned in the application) to create computer account / reset password.
          • Related Articles

          • Problem while creating the computer account for SSO

            Once the SSO configurations are done. It will try to create the computer account in Domain controller using the VBScript. If the script execution is being blocked. We need to copy and execute the same under DC. To Create and set password for a new ...
          • How Pass Through Authentication Works

            NTLMV2 is a protocol supported by Microsoft in order to overcome the security issues of NTLMV1 and the same is implemented in ServiceDesk Plus. What's the protocol defines? When a service wants to initiate the Single-sign-on, first a secure channel ...
          • How to set computer password for a computer account created under a Child OU.

            Creating computer account in Active Directory is one of the requirements of configuring Pass-through Authentication. As this computer account will be used for validating credentials with NetLogon services in DC. However, few customer environments do ...
          • How to reset administrator password in ServiceDesk Plus.

            1. Access your ServiceDesk Plus server and browse to [your drive]:\ManageEngine\ServiceDesk\bin. 2. Click changeDBServer.bat. Information on the configured database will be displayed.   If the database is MSSQL, go to the SQL Management Studio, go to ...
          • How to integrate ServiceDesk Plus with OpManager

            Log in to ServiceDesk Plus. 1. Go to Admin>>General Settings >>ME Integrations. 2. Click on OpManager. 3. Provide the OpManager server name, port number, and protocol information. 4. Click Test Connection and Save. Log in to OpManager. 1. Go to Basic ...