User Import & Managment FAQ's
ESM Directory :-
Role Required --> Organization Admin
Enterprise Service Management (ESM) in ServiceDesk Plus Cloud enables organizations to efficiently manage multiple service desk instances while handling key administrative tasks such as configuring organization details, managing users, verifying domains, configuring SAML authentication, and customizing the ESM portal and its URL. It also allows seamless portal switching and the creation of dedicated service desk instances for different departments. Users synced from Active Directory directly to the instances will be listed under user management. Additionally, users across various Zoho/ManageEngine subscriptions are displayed here, and deleting a user from the ESM Directory will permanently revoke access to other Zoho services like Zoho Mail, CRM, and People, making it an irreversible action.
1. I am getting this error when trying to import. IAMERROR:0116:Cannot add user – Max limit exceeded.
By default, the user login count is set to 1000. Depending on the organization's requirements, this limit can be increased by our IAM team. Kindly drop an email to SDP cloud support with your requirement to have the limit increased as needed.
2. I have verified my domain, but there are some users who had received email invites during the Azure sync.
Please verify if these users already have an existing Zoho account. You can do this by asking them to sign in to accounts.zoho.com (this may vary based on the data centre). If no account exists, they will receive an error message. If an account does exist, they will need to accept the invitation to join SDP Cloud.
3. Where can the admin reset MFA for their organization’s users?
Please click on the bento icon in the top left corner and click on Zoho Directory →Users → Select the user and click on Reset MFA.
Please click on Applications and add the SDP Cloud App if youre signing here for the first time.
Role required → Organizational Admin.
4. How to add secondary email address to a specific user without affecting the data in SDP Cloud?
The Org admin can click on the bento icon in the top left corner and locate "Zoho Directory" at the bottom of the tab.
- Click on "Applications" and add the application "ServiceDesk Plus"
- Once done, click on "Users" → Select the specific user and click on "Manage Email Address."
- Add the new email address and set it as the primary address by clicking the star icon in case if you would like to receive the notification from the same address.
The purpose of having a secondary mail address would allow the user to access the application using multiple email addressess.
5. Can we restrict access to the SDP Cloud application based on a specific IP address range?
If the admin wants to impose IP restrictions for all users in the organization, this can be done in Zoho Directory. Navigate to the bento icon in the top left corner → Zoho Directory → Security → Default Policy → Allowed IPs.
For setting restrictions on a specific account, the user can go to their username in the top right corner of SDP Cloud → My Account → Security → Allowed IP Address.
6. What happens if users are deleted from the ESM Directory?
1. Deleting users from the ESM Directory will also revoke their access to other Zoho services, such as Zoho Mail, CRM, People, etc. Therefore, it is not recommended to delete users from the ESM Directory. Once deleted, the user account will be permanently removed and cannot be recovered.
2. In terms of SDP Cloud, deleting the requesters will not affect the closed tickets and open tickets that are created by them in the application. The Requester name field will remain the same. When you delete a requester, it will delete all notification, Escalation and Work flow setting associated with the user in the application.
3. If you are deleting a technician, closed tickets will remain the same but the open tickets will go unassigned. When you delete a technician, it will delete all the notifications, escalations and workflow settings associated with the technician. Deleting a technician will not affect the settings like SLA, BR created by that technician in the application.You will be able to report on the past tickets, also you wont loose any data from the application.
4. When you convert a technician to requester, the tickets that were assigned to the technician will go unassigned. The user is no more a technician and cannot view or take an action on the tickets to which he was assigned before. This is by the design of the application. Once you convert a technician in to requester, you may need to manually assign technicians to those unassigned tickets.
7. I am trying to add a user to my SDP Cloud account, but I am receiving an error message IAMError:U123 on the screen. How should I proceed? "User present in a different organization; remove this association to perform the action".
Users cannot be part of multiple Organization accounts. If the user belongs to a valid Organization, we can verify and recommend an Organization merge. However, if the user is part of an individual Organization, you can suggest they delete that account to be added to the current Organization account. If you're unsure, please reach out to support to verify the subscription. Once deleted, the account cannot be recovered.
Individual Organization → A user who created their own Organization account for testing purposes or is associated with a previous employer’s Zoho subscription.
8. I am trying to add a new technician, and I'm receiving the message "Email entered is already in use." How can I resolve this issue?
The email address you're trying to add is already available within the instance. Please navigate to the requesters list, check if the email address is already listed, and click on the gear icon to convert the requester to a technician.
9. Failed to import users because this operation exceeded the maximum login user count in the application. Please write to our support to increase your maximum login user count.
By default, IAM provides a login count limit of 1,000. Once this limit is reached, no additional users to SDP Cloud, and a sync error will be displayed.
To resolve this, contact IAM support to increase the login count according to the customer's requirements.
Once the limit is increased, inform the user, and the sync will resume at the next scheduled time.
If user space is available, but an error persists, advise the user to trigger a 'Restart Sync'."
We will show the Restart Sync option in the configuration page only for Enterprise customers.
10. What are the permissions for Super Admin, Org Admin, and SD Admin, and how can these roles be assigned to other users?
The person who initially signs up will be designated with all three admin privilege which can be changed later.
Super Admin:
The person who initially signs up will be designated as the super admin. This role can be assigned to another user by navigating to the bento icon in the top left corner → ESM Directory → Organization Details → Primary Contact.
The super admin can bypass SAML configuration and log in using the global URL. This privilege allows users to sign in without issues during any SAML misconfiguration or certificate expiry.
This role grants access for confirming changes before proceeding with any backend modifications for your organization.
SD Admin:
Within a specific instance, the SD Admin plays a key role and holds the highest privileges compared to other technicians or default roles.
However, even with the SD Admin role, the user requires Organization Admin privileges to enable login access for users.
Org Admin:
Technicians with the Organization Admin role can be identified by the crown icon next to their username. To view this, navigate to the bento icon in the top left corner → ESM Directory → Users.
This role can be assigned to others by selecting a user profile in the ESM Directory → Users, then scrolling to the bottom and enabling the toggle icon.
Technicians with the Org Admin role have user management privileges, can enable logins for users, and have access to the ESM Directory and Zoho Directory.
11. What happens if the current SDAdmin, Org Admin & Super Admin deletes their account in Zoho Directory before transferring ownership?
Although we restrict the only last admin to get deleted from the application. If any such scenario occurs, you can reach out to support.
However, it is advised to follow the process of reassigning ownership before deleting the admins.
12. I am enabling login to the requester but ending up with the below message, I shouldnt be getting this as I am the SDAdmin of this instance.
Technicians with the Org Admin role have user management privileges, can only enable logins for users, and have access to the ESM Directory and Zoho Directory. They can be identified by the crown icon next to their username. To view this, navigate to the bento icon in the top left corner → ESM Directory → Users. This role can be assigned to others by selecting a user profile in the ESM Directory → Users, then scrolling to the bottom and enabling the toggle icon.
13. I am enabling bulk login to requesters from the user list view but unable to find the option under Actions. Please help.
a. Bulk login can be enabled by navigating to Setup → Users & Permissions → Users. Click on the filter drop-down and select 'Requesters'. Then, select all users, click on 'Actions', and choose 'Enable Self-Service Login'.
b. Bulk login can be enabled only if you're on a Free or Paid subscription. Trial users will not be able to find the 'Enable Self-Service Login' option under Actions.
You can enable up to 100 users at a time. If you have more than 100, you can make use of import option or AD integration to achieve the same.14. I am evaluating the SDP Cloud instance and trying to enable bulk login from the requester list view but no option found under the Actions.
Bulk login can be enabled only if you're on a Free or Paid subscription. Trial users will not be able to find the 'Enable Self-Service Login' option under Actions.
15. What will "import from Organization" under the requesters list do?
This option will display users from the ESM Directory, allowing you to view all organization users across different Zoho applications.
16. Is it possible to take user sign-in reports?
Yes, user sign-in reports can be generated by clicking on the bento icon in the top left corner → Zoho Directory → Reports → Sign-in Activity.
17. How can I export the entire users list from SDP Cloud?
Users can be exported by navigating to Setup → Data Administration → Export Data and selecting the 'Users' module. Currently, the export is restricted to 3,000 records. If you have more than 3,000 records, please contact our support team via email.
18. I would like to set up a session management and IP restrictions for SDP Cloud?
Yes, both IP Restrictions and session management can be set up by clicking on the bento icon in the top left corner → Zoho Directory → Default Policy, or by selecting the configured policy → Advanced Settings/IP Restrictions.
19. IAMError:Z112
This error message indicates that the user is already present in a different data centre. Please share the user's email address so we can verify whether they have a personal or paid subscription and advise on the next steps.
20. IAMError:AS101
This error indicates that the user is marked as SPAM on the IAM end. Please provide us with the list of users so we can verify and unmark them as spam.
21. What is the proper procedure to delete the user across all the ME/Zoho services?
For the above case, it is better to suggest the user to reach IAM or Zoho Directory Support team who can verify the data associated to their account properly and suggest them the actions to be performed.
However, we do have the option to delete the user from ESM Directory which will remove all their subscriptions. Deleting users from the ESM Directory will also revoke their access to other Zoho services, such as Zoho Mail, CRM, People, etc. Therefore, it is not recommended to delete users from the ESM Directory. Once deleted, the user account will be permanently removed and cannot be recovered.
22. Is it possible to restore a deleted user account?
Before deleting the user account, we would provide the disclaimer or alert mentioning that this would result in data loss and it would be at the user consent to proceed further with the expected outcome and the account cannot be restored.
23. How many ways are there to import users in bulk within SDP Cloud?
1. Manual Bulk Login - Upto 100 users
2. Via CSV import - 3000 Users
3. AD Import
24. I am a Requester/ Technician and I want to change my login email address in the application.
Kindly follow the below steps if youre about to change your own email address,
User can log in to SDP Cloud and click on the username in the top right corner and select "My Account."
2. User will be redirected to accounts.zoho.com to verify their credentials in order to make any changes to their accounts page. Once done, they can click on "Email Address" under their profile.
3. Add the new email address. An OTP will be sent to the email for confirmation. After verifying, set it as the primary email address by clicking on "Set as primary."
You can use both email addresses to log in; however, only the primary email address will be used for notifications triggered from the application.
25. Some of our users are seeing a "Review the sign-in URL" message when trying to sign in to ServiceDesk Plus Cloud. What could be the cause?
This message appears when users attempt to sign in using a direct link or from a site not listed as a trusted domain within your organization. It's part of a recent security enhancement aimed at preventing open redirection vulnerabilities and ensuring the authenticity of sign-in attempts.
If users are unsure about the URL shown, they should contact their administrator before continuing.
Kindly refer to this link to know more, https://help.zoho.com/portal/en/community/topic/improved-security-in-saml-oidc-sign-in-redirection-flow
26. I’m not able to add or modify the sub-domain/custom service URL under ESM Directory in ServiceDesk Plus Cloud. Why is this happening?
We’re making upcoming security and sign-in enhancements. As part of this change, adding or editing custom service URLs using the default ServiceDesk Plus Cloud domain has been restricted. Soon, existing subdomains will automatically redirect to your organization’s custom domain or the global URL (sdpondemand.manageengine.com). Your login credentials will remain the same, old links will still work for a limited time, and there will be no service downtime during this transition.
Kindly refer to this post, https://pitstop.manageengine.com/portal/en/community/topic/upcoming-change-in-servicedesk-plus-cloud
New to ADSelfService Plus?
Related Articles
Azure AD User Sync – Overview
Helpguide --> https://help.sdpondemand.com/azure-ad-user-sync Azure AD User Sync, when enabled, gets users from Azure periodically and adds/updates/deletes them in SDP. The sync flow is mainly categorized into 2 parts: Initial Sync and Incremental ...Common Errors During Azure User Sync and Their Resolutions
Helpguide --> https://help.sdpondemand.com/azure-ad-user-sync a. IAMError:U123 This indicates that the user is part of a different organization. A user can be part of only one organization account. If the user belongs to another valid account, they ...Users not added/updated to SDP - Azure AD User Sync
Helpguide --> https://help.sdpondemand.com/azure-ad-user-sync a. Check whether Initial Sync is completed When Azure AD has a large set of users, it might take time to process and sync all of them. Once the Initial Sync is completed, all users would ...Azure AD User Sync integration is getting disabled / Error message shown in Azure AD User Sync card
Helpguide --> https://help.sdpondemand.com/azure-ad-user-sync When the integration is automatically disabled or the sync is not running, it might be due to one of the following reasons. These errors will be displayed in the Integration Card and will ...Users are not deleted/login revoked - Azure AD User Sync
Ensure the configurations are selected correctly by navigating to: Setup → Apps and Add-ons → Integrations → Azure AD User Sync. Also, verify that the user has been synced at least once previously through Azure AD User Sync or Import from Azure. This ...