Verifying Domains

Organizations own and manage several domains with different URLs and email addresses. For instance, a company named Zylker could have domains such as zylker.com, zylker.org, or zylkerservices.com. ServiceDesk Plus Cloud enables you to add and verify all the domains associated with your organization in the ESM Directory. The added domains can be verified from the Domain Provider console or by hosting a HTML file with verified credentials.

To add users to any domain, you must verify the validity of the domain and its users. Domain verification is also necessary to confirm your ownership of the domain and to customize the domain per your requirements.

Users added from a verified domain will not receive an invitation email. Additionally, the application language for users imported from verified domains will be auto-configured based on the department's site they are assigned to.

Role Required: OrgAdmin

Quick Links

 Verify Domains

Go to ESM Directory > Custom Domains.

Click New Domain, add your domain name to the pop-up displayed, and click Save.

 

 

The Verified Domains home page will now list your domain. In the status column, select Click to verify.

In the Verify Domain pop-up window, select the verification method: CNAME or HTML File Method.

Domain Verification using CNAME Method  

CNAME record type in the DNS Management page. You will need access to the DNS records to verify via CNAME method. Depending on your Internet Service Provider, the CNAME verification can take a while to be completed.

  1. Log into your domain hosting site and locate the DNS management page.
  2. Add the CNAME and Value displayed in the application to the respective fields in the DNS management page. Ensure your domain points to zmverify.zoho.com as mentioned in the UI.

 

 

  1. After an hour, click the Verify button. Your domain will be verified.

Refer to the following video for an illustration on how to verify using the CNAME method:

 

Domain Verification using HTML File Method 

You can also use the HTML File method where you only need to host the HTML page containing the verification code. After you host the HTML page, you can verify the domain in ServiceDesk Plus Cloud promptly.

  1. Open a text editor (wordpad/notepad), copy the verification code displayed into the text editor, save the file as "zoho-domain-verification.html". Ensure that the file does not contain any HTML tags.

 

 

  1. Log into your web server and upload the file "zoho-domain-verification.html" in it.
  2. Check if your domain link is accessible through the internet. The URL should be structured as: http://<domain-name>/zoho-domain-verification.html.
  3. Click the Verify button. Your domain will be verified.

Customizing Domains

Announcement for Existing Users who employed Custom URL to their ServiceDesk Plus Cloud Setups

For users who have already saved a custom URL without a proper CNAME, the verification will fail following the feature upgrade on 27 August 2021. The custom URL will be removed and the application will revert to the default URL. Users are required to redo verification to continue using their own custom URL.

If the CNAME for your sub-domain is configured and verified already, SSL certification will be auto-applied for your custom domain if it is not applied already.

You can now access ServiceDesk Plus Cloud services/instances by using custom domains. A custom domain will help you access a specific service desk instance through a URL that is part of your organization's domain. You can create multiple domains and associate them with specific help desk instances.

Prerequisite  

Before you set up a custom URL, configure the CNAME of your sub-domain as explained below.

  1. Log into your domain hosting site and locate the DNS management page.
  2. In the control panel, add your sub-domain value in the CNAME field to the DNS management page.
  3. Copy the URL displayed on Step 2 in UI and paste it in the Values field to the DNS management page. Note that this URL varies depending on your data center.
  4. After an hour, click the Verify button. Your sub-domain will be verified.

For example: If you have provided your sub-domain is helpdesk.zylker.com and your data center is configured as USA, your sub-domain should point to customer-sdpondemand.manageengine.com.

Add Custom Service URLs

Represent your brand name in place of the default URL by setting up your custom domain. Instead of the default URL, your users will now access the services via the domain you have configured.

To create a new customized service URL for accessing ServiceDesk Plus Cloud,

1. Go to ESM Directory > Custom Service URLs > New Service URL.

 

 

1. Enter a sub domain name and select the verified domain from the drop-down.

2. Click Verify & Save.

 

 

 Associate domains to instances

Once you have added and verified domains, you can associate them with instances.

To do that,

 

 

 

 

Note: You can also associate a domain with multiple instances.
When you associate a custom domain to multiple instances, 
  1. If one of the associated instance is the default instance, then that instance will be shown when the custom domain URL is accessed. For example, if zylker.fwcloud.com domain is associated with IT desk and HR desk instances of which only the IT desk is marked as default, then zylker.fwcloud.com domain will redirect to the IT desk.

  1. If the default instance is not marked, then the users' own default setup will be followed.

  1. If the custom URL used has the instance name [URL Name] then, priority will be given to the instance with the URL name.  For example, lets assume, there are two custom URLs sysadmin.zylker.com and hrdesk.zylker.com. And of which sysadmin.zylker.com is mapped to the IT desk and TN IT desk and hrdesk.zylker.com is mapped to HR desk, in this case, accessing https://sysadmin.zylker.com/app/hrdesk and https://hrdesk.zylker.com/app/hrdesk will redirect to the HR desk instance.
  1. If a user inputs the instance name into the URL, i.e, zylker.com/app/<instance name>, then the user will be redirected to that particular instance, provided the user has access to it.
  1. If the user does not input the instance name into the URL i.e, zylker.com, then the following two cases can happen:
    a.If a domain has only one SDP instance associated with it, then accessing zylker.com will redirect to that mapped instance.
    b. If multiple instances are associated, then resolution will happen based on the organization and user configuration in the Default portal. i.e,. If the user has a default portal, then navigation will happen to the user's default portal, if not, then to the portal home page (/home ).
  1. When you make a URL the default URL, then the instances with no custom URL will be mapped with the default URL. The same URL will be used to access as well as while sending links in mail notifications for that particular instance.

 

 

ServiceDesk Plus Cloud automatically verifies if the CNAME of your sub-domain points to the application. If the verification is completed successfully, you will be able to use your custom URL to access ServiceDesk Plus Cloud immediately, depending on your data center configuration. If your data center has mandated SSL certification, you can use your custom URL after an SSL certificate is applied.

Once created, custom URLs cannot be edited further. Users can remove the custom URL and add a new URL, if needed.

Do not remove the CNAME entry even after verification as it will be used for service redirection. Without this entry, the service cannot be reached using a custom domain.

Once created, custom URLs cannot be edited further. Users can remove the custom URL and add a new URL, if needed.

In the event of CNAME verification failure, an appropriate message will be displayed in the application UI citing the reason for failure.
Note that CNAME verification for custom domains is not the same as verifying domains explained above. Domain verification verifies your primary domains while custom domains verify your sub-domains. Therefore, you must configure the CNAME of you sub-domains before setting up a custom URL.

SSL Certification 

SSL Certificate will be automatically applied to secure your domain. The process for SSL certification is initiated immediately after your custom domain is created. Typically, custom domains are validated and SSL certification will be completed in 1 business day.

You can track your SSL Certification status from the ESM Directory > Organization URLs if needed.

 Once the SSL is certified and updated, the application will run only in HTTPS mode. We will implement the SSL certificate and enforce HTTPS for your custom domain using a multi-domain certificate on our servers.

 

Why should I add and verify my domain?  
  1. Verification is necessary for us to confirm your ownership of the domain.
  2. You can import users from Active Directory to ServiceDesk Plus Cloud directly without sending an invitation if the email addresses contain the verified domain name.
  3. Domain verification is necessary for configuring custom domains and for enabling SAML Authentication.

Important Pointers

If you happen to change your domain, then the following impact can happen depending on how you are going to use the old and new one.

1. Verified domain. You may need to add the new domain as verified, mark as default if necessary.
2. If your user's email in the old domain is retained and the new will be
added as alternate/another email, then make the necessary adjustments to Sync flow (Azure/Provisioning tool) for Email and Alternate email field mapping.
3. Make sure that emails are mapped appropriately.
4. For users who are on SAML , the claim ID is expected on the email of the user
which is confirmed /verified in Zoho. Make sure you have followed instructions up to the 3rd point, as then you can only return the new email as claim id or you can
keep the existing old email as claim id.
5. If you are changing the domain for service access, then make sure to add the domain with a subdomain in ESM Directory > Organization URLs. You will need to do the CName mapping. SSL can take about 48hrs. So plan accordingly.
6. If you are changing your IDP access url, then you need to regenerate the certificate and update the login/logout url for saml configuration and
update the new certificate.