Documentation forService Desk

Single sign-on and provisioning

On this page

Introduction

Service Desk lets administrators connect to your SSO/SAML provider. You can choose to connect to Google and/or one of the SAML platforms below. (You may connect simultaneously to Google and to one SAML platform.)

SSO and provisioning are not tightly coupled. For example, SSO allows administrators and users to log into Service Desk. After login, administrators can use provisioning to create user accounts and select the data to be added to those user accounts. By configuring user provisioning, user attributes can auto-update. See Provisioning with Microsoft Entra Connect Cloud Sync.

Provisioning for ESM customers

For ESM customers, provisioning is processed differently. Some customers may have provisioned for ITSM before migrating to ESM, while others may not have.

Steps for ESM provisioning

What you can provision is dependent on your provisioning provider.

Step 1: Ensure provisioning at the organization level

Before you begin, determine whether your organization has already performed any provisioning.

  • For those who previously provisioned before migrating to ESM

    Replace the token in the existing app with the token from the organization. Do not make any changes to the URL.

  • For those who have never provisioned

    Provision users to the organization level. If your provisioning provider allows you to provision roles, you can also do that here.

    1. Create a dedicated app in your provisioning provider platform.

    2. Use the organization token for the provisioning process.

    3. Use the organization URL.

Step 2: Provision at the service provider level

If you want service providers to be able to create roles and manage them at the service provider level, follow these steps:

  1. Create a dedicated app in your provisioning provider platform.

    • Use the organization token for the provisioning process.

    • Use the specific service provider organization URL.

  2. Repeat the role-provisioning process for any service provider that should be able to create and manage roles.

Navigation

ITSM customers ESM customers
Setup > Account > Single Sign-On Organization > Setup > Account > Single Sign-On

Single sign-on methods

You can use the following methods to enable SSO. The links below provide connection and/or configuration information for each method.

Troubleshooting: Bypass SSO and use native login page

If you are experiencing an issue with single sign-on and are unable to access your Service Desk to modify the settings or want to know what URL(s) to provide to users who are not permitted to use SSO authentication:

  • Non-ESM customers: You can bypass your defined SSO method by using the URL https://ACCOUNTNAME.samanage.com/login?native=true

    If you have domain mapping enabled, you can also use the URL https://subdomain.<parent-domain>/login?native=true

  • ESM customers: You can bypass your defined SSO method using the URL https://org-ACCOUNTNAME.samanage.com/login?native=true

    If you have domain mapping enabled, you can also use the URL https://subdomain.<parent-domain>/login?native=true

These URLs will present your Service Desk's native login page without redirecting to your SSO provider.

Related topics

Login policy