Azure AD integration with ServiceDesk Plus cloud
ServiceDesk Plus Cloud provides an option for IT administrators to integrate with Microsoft's Azure Active Directory for easy collaboration and user management. With this integration, there are two primary benefits:
- It provides centralized user management from the Azure AD portal and control over who can access ServiceDesk Plus Cloud
- Users can access ServiceDesk Plus Cloud with their existing Azure AD credentials.
This integration involves the following steps:
- Add Zoho from the Azure gallery
- Configure Azure AD Single Sign-on
- Assign Users
Prerequisites
- A valid Azure AD subscription
- A Verified Domain in ServiceDesk Plus Cloud
- An SDP Cloud account with users (Requesters/Technicians) already set up
Adding Zoho from the Azure gallery
- Go to the Azure AD portal.

- Click the Azure Active Directory icon on the left navigation panel.
- Navigate to Enterprise applications and select All applications.

- Click the Add Application button at the top of the dialog box.

- In the search box, type Zoho.

- In the results pane, select Zoho and click the Add button.
Configuring Azure AD Single Sign-on
- In the Azure portal, click Single Sign-on in the Zoho application integration page.

- In the Single Sign-on selection, select SAML-based Sign-on.
- In the Basic SAML Configuration section, enter the following:
- Identifier: zoho.com
The Identifier varies according to the datacenter. Refer to the following table.
| Data Center | Identifier |
| India | zoho.in |
| US | zoho.com |
| EU | zoho.eu |
| AU | zoho.com.au |
| China | zoho.com.cn |
| Japan | zoho.jp |
| UK | zoho.uk |
| Canada | zohocloud.ca |
- Reply URL: https://accounts.zoho.com/signin/samlsp/<orgid>
Account URL varies according to the datacenter. Refer to the following table.
| Data Center | Reply URL |
| India | accounts.zoho.in |
| US | accounts.zoho.com |
| EU | accounts.zoho.eu |
| Australia | accounts.zoho.com.au |
| China | accounts.zoho.com.cn |
| Japan | accounts.zoho.jp |
| UK | accounts.zoho.uk |
| Canada | accounts.zohocloud.ca |
- Sign on URL: <custom URL pointed to SDP cloud> or use <sdpondemand service url>=sdpondemand.manageengine.com
Account URL varies according to the datacenter. Refer to the following table.
| Data Center | Sign on URL |
| India | accounts.zoho.in |
| US | accounts.zoho.com |
| EU | accounts.zoho.eu |
| Australia | accounts.zoho.com.au |
| China | accounts.zoho.com.cn |
| Japan | accounts.zoho.jp |
| UK | accounts.zoho.uk |
| Canada | accounts.zohocloud.ca |
- Relay State (Optional): The subdomain or custom domain you are using to access ServiceDesk Plus (e.g.: https://zilllum.sdpondemand.manageengine.com (or) https://helpdesk.zilllum.com)
- Save the settings.
Replace <orgid> with the Organization ID obtained from ESM Directory > Organization Details.
Replace <service-url> with the URL that you use to log in to ServiceDesk Plus Cloud depending on whether your organization uses the default URL, custom subdomain URL, or custom domain URL to access the application. E.g.: https://sdpondemand.manageengine.com (or) https://zilllum.sdpondemand.manageengine.com (or) https://helpdesk.zilllum.com.
To learn more about the URLs used to access the application based on the Data Centers, click here.
To learn more about the SAML configuration in Azure, click here.

- In the Attributes & Claims section, enter the following details:
givenname: user.givenname
surname: user.surname
emailaddress: user.mail
name: user.userprincipalname
Unique User Identifier: user.userprincipalname

Note: If you are using mail as the Unique User Identifier with SDP, change the Unique User Identifier value to user.mail for SAML to work.
- Click Certificate (Base64) in the SAML Signing Certification section and save the certificate file on your computer.
- Copy the Login URL and Logout URL.
- In a different web browser window, log in to your ServiceDesk Plus cloud account as the super admin.
- Navigate to ESM Directory --> SAML Authentication
- In the SAML Configuration tab, enter IdP details manually and perform the following steps:
- Paste the Login URL and Logout URL copied from Azure AD (refer to Step 6 above)
- Select the certificate that you downloaded (extension must be ".cer") (Refer Step 5 above)
- Select RSA for the algorithm.
- Click Submit.
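When sign-on fails after these steps, the usual causes are an Identifier and Reply URL taken from different data centers, a wrong Organization ID, or a missing claim. The following check is an added example, not ManageEngine or Microsoft code: it reads a base64-decoded SAML response captured from your own test login and compares it with the values configured above. It assumes the standard SAML 2.0 mapping (Identifier appears as Audience, Reply URL as Recipient) and Azure AD's default claim namespace; the sample response and org ID 10001 are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Identifier -> accounts host, copied from the data center tables on this page.
DATA_CENTERS = {"zoho.in": "accounts.zoho.in", "zoho.com": "accounts.zoho.com",
                "zoho.eu": "accounts.zoho.eu", "zoho.com.au": "accounts.zoho.com.au",
                "zoho.com.cn": "accounts.zoho.com.cn", "zoho.jp": "accounts.zoho.jp",
                "zoho.uk": "accounts.zoho.uk", "zohocloud.ca": "accounts.zohocloud.ca"}
REQUIRED = ("givenname", "surname", "emailaddress", "name")

def check_response(xml_text, org_id):
    """List configuration problems in a decoded SAML response you captured yourself.
    This reads fields only; it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS)
    host = DATA_CENTERS.get(audience)
    if host is None:
        problems.append(f"Audience {audience!r} is not a listed Identifier")
    data = root.find(".//saml:SubjectConfirmationData", NS)
    url = urlparse(data.get("Recipient", "") if data is not None else "")
    if host and (url.scheme, url.hostname) != ("https", host):
        problems.append(f"Reply URL host {url.hostname!r} does not match {host!r}")
    if url.path != f"/signin/samlsp/{org_id}":
        problems.append(f"Reply URL path {url.path!r} lacks org ID {org_id!r}")
    if not root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS):
        problems.append("NameID (Unique User Identifier) is empty")
    sent = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for claim in REQUIRED:
        if CLAIMS + claim not in sent:
            problems.append(f"claim {claim!r} missing")
    return problems

# Constructed sample: US Identifier, EU Reply URL, no emailaddress claim.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:Subject><saml:NameID>asha@zilllum.com</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData
   Recipient="https://accounts.zoho.eu/signin/samlsp/10001"/></saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>zoho.com</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="{c}givenname"/>
  <saml:Attribute Name="{c}surname"/><saml:Attribute Name="{c}name"/>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>""".replace("{c}", CLAIMS)

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE, "10001")))
```
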
Assigning Users
- In the Azure portal, open the Applications view.
- Navigate to the Directory view and select Enterprise applications, then click All applications.

- In the applications list, select Zoho.

- Click Users and groups in the left-side menu.

- Click Add user

- Select Users and groups from the Add Assignment page
- Select users from the list.
- Click the Assign button after selecting the users.
Once you complete the above steps, Azure AD Single Sign-on will be configured and activated for ServiceDesk Plus Cloud.
Initiating Authentication
Ask your organization's users to use the custom domain or subdomain configured in ESM Directory ---> ESM Portal (URL for Organization Portal). They will be redirected to the Microsoft login page, where they can enter their Azure AD credentials to log in.