How to integrate ADManager Plus with HaloITSM for efficient user life cycle management

How to integrate ADManager Plus with HaloITSM for efficient user life cycle management

HaloITSM is an all-inclusive ITSM software solution that can help you manage incidents in your organization and meet your SLAs. By integrating HaloITSM with ManageEngine ADManager Plus, you can automate identity life cycle management, streamline procedures, and manage employees efficiently.

Key highlights of integrating ADManager Plus with HaloITSM

  1. Multi-platform user provisioning: Automatically create user accounts across various platforms, including AD, Exchange, Microsoft 365, and more, when new employees are added to the HCM application.
  2. Reduce security risks caused by inactive accounts: Automatically delete or disable user accounts, remove their licenses, and more each time a user record is deleted in the HCM application.

Actions supported

Upon integrating HaloITSM with ADManager Plus, you can:

  • Create user accounts

  • Delete user accounts

  • Disable user accounts

  • Modify user account properties

  • Remove Microsoft 365 licenses

  • Add users to groups

  • Remove users from groups

  • Move users across groups

  • Modify user attributes with templates

  • Create mailboxes

  • Disable mailboxes

  • Delete mailboxes

  • Reset passwords

  • Move the Home folder

  • Delete the Home folder

  • Manage users' photos

  • Configure auto-reply settings

  • Disable Lync accounts

  • Run custom scripts


Follow these steps to integrate ADManager Plus and HaloITSM:

  1. Open ADManager Plus and go to the Automation tab and click HCM Integrations from the left-side panel.

  1. Under HCM Applications, click Custom HCM to add a new HCM integration.

  1. In the Custom HCM Integration page, add the Name and Description of the integration. You can also add a custom logo for the HaloITSM tile.

  1. Click Save.

  1. Now, the HaloITSM tile will appear under HCM Applications. Click the tile to configure API authorization methods, endpoints, and LDAP data mapping.

  1. Under the Authorization section, select OAuth2.0 from the Authorization Type drop-down menu. Refer to HaloITSM's authorization document here.

  1. Enter the following details:

    1. Header Prefix: Specify a prefix value for your authorization header.

    2. OAuth 2.0 Grant Type: The authorization code is the default grant type.

    3. Callback URL: The Callback URL is where you will be redirected to after authentication. This should be registered with the API provider.

    4. Auth URL: Specify the Authorization Endpoint URL. (<tenantname>)

    5. ​Access Token URL: Enter the OAuth server URL where the application can exchange the authorization code for an access token. (<tenantname>)

    1. Client ID and Client Secret: Enter a valid ID and its secret key.

    2. Scope: Specify the permissions you want for the required action.

    3. Click Advanced Options and choose the headers and query parameters from the Add To drop-down menu.

  1. In the API Endpoint Configuration section, add the following:

  1. Endpoint URL: Enter the Endpoint URL. (https://<host>/api/Users)

            Note: Click here to view HaloITSM's API references.

  1. Click Advanced Options to add headers and parameters.

  1. Method: Choose between the HTTP request methods Get and Post.

  1. Headers: Click and configure the respective HTTP headers.

  1. Parameters: Cick and configure the query parameters.

  1. Message type: Select None.

  1. You can also check the Repeat calling this Endpoint option to repeatedly call the API until you get the required response, if needed. From the drop-down menu, select the parameter and specify the increment value. You can also set a condition, which when satisfied, calls the endpoint repeatedly. This step is required only when the complete user list retrieval needs repeated calls.

  1. Once done, click Test & Save. A response window will display all the requested elements.

  1. Click Data Source - LDAP Attribute Mapping to match endpoints and to map AD LDAP attributes with the respective attributes in the HCM solution.

  1. Enter the Configuration Name and Description, and select the Automation Category from the drop-down menu.

  1. In the Select Endpoint field, choose those columns that are unique to users (employeeIdenifier, username, etc.). The values in these columns should be consistent across all the endpoints.

  1. In the Attribute Mapping field, select the attribute from the LDAP Attribute Name drop-down menu and map it with the respective column in the HCM solution.

  1. Click Save.

Note: While configuring an automation, select HaloITSM as the Data Source to automate user management easily. Click here to learn more about automation configuration.

Steps to generate the client ID and the client secret in HaloITSM

  1. From the home page of HaloITSM application, navigate to the menu bar in the left-hand corner and choose Configuration.


  1. Then, go to Integrations β†’ HaloITSM API and choose View Applications β†’ New.




  1. In the Details page, select the required Authentication Method (e.g., Authorization code). You can now find the Client ID, Client Secret, Redirect URI, and other information required for authentication.

  2. In the Permissions page, select the required permissions. These permissions define what features this application can access. They must be specified in the scope parameter of any authentication request.

Sample Postman configuration to get access token

Required credentials:

  • Access Token URL:<tenantname>

    • "response_type" - Must be "authorization_code"

    • "client_id" - Must be your applications client id

    • "redirect_uri" - Must be your applications redirect URI

    • "scope" - Must include any application permissions that are required by your application; if unsure, set to "all”


  1. Navigate to Postman (

  1. Fill in all the required parameters and click Get New Access Token.

  1. In the HaloITSM login page that appears, enter your login credentials and authenticate yourself.

  1. Once the authentication is completed, the server should respond with Status code 200 if the credentials are valid. This response will contain the Access Token and Expiry Time as well as a Refresh Token if the offline_access is specified.

  1. Once you get the Access Token, you can use it in the API request. Here is an example of API integration to retrieve all the users:

    1. Method:   GET

    1. API:   https://<host>/api/Users


Sample response


    "record_count": 1,

    "users": [


            "id": 26,

            "name": "Baskar Balaji",

            "site_id": 18.0,

            "site_name": "Main",

            "client_name": "DemoDoftware",

            "firstname": "Baskar",

            "surname": "Balaji",

            "initials": "BB",

            "emailaddress": "",

            "phonenumber_preferred": "9092409380",

            "sitephonenumber": "",

            "phonenumber": "9092409380",

            "telpref": 0,

            "activedirectory_dn": "",

            "onpremise_activedirectory_dn": "",

            "login": "",

            "inactive": false,

            "colour": "#2bd3c6",

            "isimportantcontact": false,

            "neversendemails": false,

            "priority_id": 0,

            "linked_agent_id": 3,

            "isserviceaccount": false,

            "isimportantcontact2": false,

            "connectwiseid": 0,

            "autotaskid": -1,

            "use": "user",

            "client_id": 12




                    New to ADSelfService Plus?