Documentation forService Desk

ADFS SSO configuration and provisioning

On this page

Introduction

To configure ADFS 3.0 SSO with your Service Desk account you will need to access both the ADFS Management Console and the Service Desk application.

You can simultaneously connect ADFS and Google.

Navigation

ITSM customers ESM customers
Setup > Account > Single Sign-On Organization > Setup > Account > Single Sign-On

Instructions

The instructions below cover all aspects of the configuration process:

Step 1 - ADFS 3.0 Management Console

  1. Log in to the ADFS Management Console.
  2. Navigate to the Actions menu and select the wizard Add Relying Party Trust.
  3. Click Start.
  4. Enter the Metadata URL for your Service Desk instance, and then click Next.

    Example: https://<accountname>.samanage.com/saml/metadata

    To copy the URL from your account:

    1. Navigate to Setup > Account > Single Sign-On.

    2. Select Enable Single Sign-On with SAML and copy the link in the Login URL.

    5. ESM customers need to edit all domain/account name references to redirect SSO to the organization level. For example:

    https://org-ACCOUNTNAME.samanage.com/saml/[companyname]
    or
    https://org.[DOMAINNAME]/saml/[companyname]

  5. Enter a name and description for the relying party.

  6. Skip the multi-factor authentication.

  7. Permit all users to access this relying party.

  8. Click Next.

  9. Click Close.

  10. In the Edit claim rules window, click Add Rule, and then follow the steps in the wizard.

    • Select Send LDAP Attributes as Claims for the rule template and click Next.

    • Set a rule name, set Active Directory as the attribute store and configure the appropriate attribute mapping. Then click Finish.

  11. Add a second rule; however, this time select the rule template Transform an Incoming Claim and click Next.

    • Set a rule name and set the following parameters:

      • Incoming claim type: ADFS 1.x E-Mail Address

      • Outgoing claim type: Name ID

      • Outgoing name ID format: Email

    • Select Pass through all claim values.

  12. Click Finish.

  13. Click OK to confirm changes.

You can now log in to Service Desk.

Step 2 -Service Desk

  1. Navigate to Setup > Account > Single Sign-On.
  2. Complete all fields
    • AD SF URL
    • Logout URL
    • Error URL
    • ADFS identifier
    • Identity Provider X 509 Certificate. (This is the Token-Signing Certificate from ADFS exported in Base 64-encoded X.509 [.CER].)

Step 3 - Just In-Time user provisioning

If you select Just In-Time Provisioning Support, click to check the Create users if they do not exist option to create SSO authenticated users in SWSD.

After users are provisioned, you must maintain the user account records through Service Desk. Any updates made in ADFS will not automatically populate in Service Desk.

Steps for ESM provisioning

What you can provision is dependent on your provisioning provider.

Ensure provisioning at the organization level

Before you begin, determine whether your organization has already performed any provisioning.

  • For those who previously provisioned before migrating to ESM

    Replace the token in the existing app with the token from the organization. Do not make any changes to the URL.

  • For those who have never provisioned

    Provision users to the organization level.

    1. Create a dedicated app in your provisioning provider platform.

    2. Use the organization token for the provisioning process.

    3. Use the organization URL.

Related topics

Single sign-on and provisioning