ManageEngine ServiceDesk Plus

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for ManageEngine ServiceDesk Plus using SAML.

About ManageEngine ServiceDesk Plus

ManageEngine ServiceDesk Plus provides end-to-end IT management solutions, from network and device management to security and service desk software.

After integrating ManageEngine ServiceDesk Plus with Oracle Identity Cloud Service:

  • Users can access ManageEngine ServiceDesk Plus using their Oracle Identity Cloud Service login credentials.
  • Users can start ManageEngine ServiceDesk Plus using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the ManageEngine ServiceDesk Plus app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • Active Zoho and ManageEngine ServiceDesk Plus accounts with authorization rights to configure federated authentication. Tip: Use this Zoho account later during the ManageEngine ServiceDesk Plus configuration in the "Obtaining ManageEngine ServiceDesk Plus Domain Name" and "Importing Federated Users from Zoho to ManageEngine ServiceDesk Plus" sections.
  • Make sure that the email ID of each user in ManageEngine ServiceDesk Plus matches the primary email ID of the Oracle Identity Cloud Service account.
  • A ManageEngine ServiceDesk Plus account with a verified domain to include when you register the ManageEngine ServiceDesk Plus app in Oracle Identity Cloud Service.
  • An Oracle Identity Cloud Service signing certificate.

Obtaining the Certificate in .PEM Format

Use this section to convert the X.509 Certificate value into a format that is suitable for Oracle Identity Cloud Service.

Tip: Use this content later during the ManageEngine ServiceDesk Plus configuration in the "Configuring SSO for ManageEngine ServiceDesk Plus" section.

  1. Use the following URL to access the metadata: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata.

  2. In the metadata file, locate the md:IDPSSODescriptor tag.

  3. Copy the content between the dsig:X509Certificate tags into a text file. This content is the Oracle Identity Cloud Service certificate.

    Image img1.png displays the metadata content with md:IDPSSODescriptor and dsig:X509Certificate tags highlighted.

  4. Add -----BEGIN CERTIFICATE----- at the beginning of the content.

  5. Add -----END CERTIFICATE----- at the end of the content.

    Image img2.png displays the text file with the certificate content highlighted.

  6. Save the text file in .PEM format.

    Tip: Use this content later during the ManageEngine ServiceDesk Plus configuration in the "Configuring SSO for ManageEngine ServiceDesk Plus" section.
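    The extraction and wrapping steps above can be scripted. The following is an added example, not part of the original Oracle procedure: it selects the signing certificate under md:IDPSSODescriptor, checks that the copied value is intact Base64, and returns the PEM text with a SHA-256 fingerprint. The function name, the sample metadata, and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "dsig": "http://www.w3.org/2000/09/xmldsig#"}

def idp_signing_cert_pem(metadata_xml):
    """Return (pem_text, sha256_fingerprint) for the IdP signing certificate."""
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no md:IDPSSODescriptor in metadata")
    # Skip keys marked use="encryption"; a KeyDescriptor without "use" serves both.
    keys = [k for k in idp.findall("md:KeyDescriptor", NS)
            if k.get("use") in (None, "signing")]
    node = keys[0].find(".//dsig:X509Certificate", NS) if keys else None
    if node is None or not (node.text or "").strip():
        raise ValueError("no signing dsig:X509Certificate under md:IDPSSODescriptor")
    b64 = "".join(node.text.split())            # metadata may wrap or indent the value
    der = base64.b64decode(b64, validate=True)  # fail on a truncated or mangled paste
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    # Fingerprint of the DER bytes, for comparison with a value from a trusted channel.
    fingerprint = ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())
    return pem, fingerprint

# Constructed sample: placeholder bytes stand in for a certificate (not a real one).
SAMPLE_DER = bytes(range(100))
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:dsig="{NS['dsig']}"
    entityID="https://idcs.example.invalid/fed">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="encryption"><dsig:KeyInfo><dsig:X509Data>
   <dsig:X509Certificate>AAAA</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="signing"><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>
   {_b64[:70]}
   {_b64[70:]}
  </dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></md:KeyDescriptor>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    pem, fp = idp_signing_cert_pem(SAMPLE_METADATA)
    print(pem, fp, sep="")
```

    Write the returned PEM text to a .pem file for upload, and compare the fingerprint with one obtained independently of the metadata download.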

Obtaining ManageEngine ServiceDesk Plus Domain Name

  1. Access ManageEngine ServiceDesk Plus as an administrator using the URL: https://sdpondemand.manageengine.com/ that you received in an email from ManageEngine ServiceDesk Plus. The ManageEngine ServiceDesk Plus home page appears.

  2. In the header menu, click Setup, locate Portal & Settings, and then click Self-Service Portal. The Self-Service Portal page appears.

  3. Locate the Domain Mapping section, and then click the New Domain (+) button near the Your Own Domain option. The Domain Details page appears.

  4. Click Add Domain. The Add Domain dialog box appears.

  5. Enter the Domain Name, and then click Save. The Domain Details page displays the newly added domain name.

  6. Click Click to Verify under the Status column to verify the domain name. The Verify Domain dialog box appears.

  7. Click Verify to verify your domain.

  8. Access your Zoho account using the URL: https://mailadmin.zoho.com, and confirm that the domain name is reflected in the account. This confirms that the domain name is verified.

  9. After the domain name is verified, go back to the Self-Service Portal page in ManageEngine ServiceDesk Plus, locate the Domain Mapping section, enter the verified domain name in the Sub Domain text box, and then click Check Availability.

  10. Access your Zoho account, click Domains in the Control Panel, and then confirm that the newly created domain name is displayed in the Domains page.

    Tip: Use this domain name value later while registering ManageEngine ServiceDesk Plus and verifying integration. See the "Registering and Activating the ManageEngine ServiceDesk Plus App" and "Verifying the Integration" sections.

Obtaining ManageEngine ServiceDesk Plus Relay State

Use this relay state value during ManageEngine ServiceDesk Plus registration in the "Registering and Activating the ManageEngine ServiceDesk Plus App" section.

  1. Access the URL: https://www.samltool.com/base64.php to encode the relay state URL. The Base64 page appears.

  2. Locate the Encode section, paste the following relay state URL in the XML to be Base64 Encode text box: https://<Domain_Name>.sdpondemand.manageengine.com/jsp/index.jsp__IAM__SDPOnDemand.

    Note: Use the domain name value that you obtained earlier in the "Obtaining ManageEngine ServiceDesk Plus Domain Name" section.

  3. Click BASE64 ENCODE XML. The encoded relay state value appears in the Base64 Encode XML text box.

  4. Make note of the encoded relay state value.
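    The relay state can also be produced and checked locally. The following is an added example, not part of the original Oracle procedure: it builds the relay state URL from the domain name, Base64-encodes it, and decodes a stored value to confirm that it still points at the expected ServiceDesk Plus portal. The function names, the allowed character set for the domain name, and the sample name "acme" are assumptions.

```python
import base64
import re
from urllib.parse import urlsplit

SDP_SUFFIX = ".sdpondemand.manageengine.com"
SDP_PATH = "/jsp/index.jsp__IAM__SDPOnDemand"
# Assumption: <Domain_Name> contains only letters, digits, hyphens and dots.
NAME_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*")

def encode_relay_state(domain_name):
    """Build the relay state URL for <Domain_Name> and Base64-encode it."""
    name = domain_name.strip().lower()
    # Reject "/", "@", "#" and similar characters that would change the URL's host.
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unexpected characters in domain name: {domain_name!r}")
    url = f"https://{name}{SDP_SUFFIX}{SDP_PATH}"
    return base64.b64encode(url.encode("ascii")).decode("ascii")

def check_relay_state(encoded, domain_name):
    """Decode a stored relay state and confirm it targets the expected portal."""
    url = base64.b64decode(encoded, validate=True).decode("ascii")
    parts = urlsplit(url)
    expected_host = domain_name.strip().lower() + SDP_SUFFIX
    return (parts.scheme == "https"
            and parts.netloc == expected_host
            and parts.path == SDP_PATH
            and not parts.query
            and not parts.fragment)

if __name__ == "__main__":
    value = encode_relay_state("acme")  # "acme" is a constructed sample name
    print(value)
    print(check_relay_state(value, "acme"))
```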

Configuring SSO for ManageEngine ServiceDesk Plus

  1. Access ManageEngine ServiceDesk Plus as an administrator using the URL: https://sdpondemand.manageengine.com/. The ServiceDesk Plus home page appears.

  2. In the header menu, click Setup, locate Apps & Add-ons, and then click SAML. The SAML page appears.

  3. Use the following table to update the federated authentication attributes, and then click Submit.

    This table lists the mandatory federated authentication attributes that you must set to complete the SSO configuration.

    Attribute     Value
    Login URL     Enter the Sign-in URL/SSO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso.
    Logout URL    Enter the Sign-out URL/SLO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.
    Certificate   Upload the certificate that you obtained earlier in the "Obtaining the Certificate" section.
    Algorithm     Select RSA from the drop-down list.

Importing Federated Users from Zoho to ManageEngine ServiceDesk Plus

  1. Access your Zoho account, and then click User Details in the Control Panel. The User Details page appears.

  2. Click Add User, enter the required details of the user, and then click OK.

    Note: When entering the Email ID of the user, make sure to select the newly created domain name from the drop-down list. This is the domain name that you obtained earlier in the "Obtaining ManageEngine ServiceDesk Plus Domain Name" section.

  3. Access ManageEngine ServiceDesk Plus as an administrator, click Setup in the header menu, locate Users & Permissions, and then click Users. The Users & Permissions page appears.

  4. Click Import Users, and then select Import from Zoho Business to import the newly created users from Zoho to ManageEngine ServiceDesk Plus app. The Import from Zoho Business dialog box appears.

  5. Select the users that must be imported, and then click Import Now. The selected users are added to the ManageEngine ServiceDesk Plus app.

Configuring the ManageEngine ServiceDesk Plus App in Oracle Identity Cloud Service

Use this section to register and activate the ManageEngine ServiceDesk Plus app, and then assign users to the app.

Registering and Activating the ManageEngine ServiceDesk Plus App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for ManageEngine ServiceDesk Plus, and then click Add.

  4. In the App Details section, enter your ManageEngine ServiceDesk Plus Domain Name and Relay State, and then click Next.

    Tip: These are the domain name and relay state values that you obtained earlier in the "Obtaining ManageEngine ServiceDesk Plus Domain Name" and "Obtaining ManageEngine ServiceDesk Plus Relay State" sections respectively.

  5. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  6. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the ManageEngine ServiceDesk Plus App

  1. On the ManageEngine ServiceDesk Plus app page in Oracle Identity Cloud Service, select Users, and then click Assign. The Assign Users window appears.

  2. Select users that you want to assign to ManageEngine ServiceDesk Plus, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the ManageEngine ServiceDesk Plus app is assigned to the users that you selected.

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP Initiated SSO) and ManageEngine ServiceDesk Plus (SP Initiated SSO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the ManageEngine ServiceDesk Plus app. Oracle Identity Cloud Service displays a shortcut to ManageEngine ServiceDesk Plus under My Apps.

  3. Click ManageEngine ServiceDesk Plus. The ServiceDesk Plus home page appears.

  4. In the upper-right corner of the header, confirm that the user logged in is the same for both ManageEngine ServiceDesk Plus and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from ManageEngine ServiceDesk Plus

  1. Access ManageEngine ServiceDesk Plus using the URL: https://<Domain_Name>.sdpondemand.manageengine.com/. You are redirected to the Oracle Identity Cloud Service login page.

    Note: The domain name is the value that you obtained earlier in the "Obtaining ManageEngine ServiceDesk Plus Domain Name" section.

  2. Log in using credentials for a user that is assigned to the ManageEngine ServiceDesk Plus app. The ServiceDesk Plus home page appears.

  3. In the upper-right corner of the header, confirm that the user that is logged in is the same for both ManageEngine ServiceDesk Plus and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from ManageEngine ServiceDesk Plus works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

ManageEngine ServiceDesk Plus displays the message, "You are not a registered organization user. Please contact your administrator "<Admin_UserName>" to enable login."

Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in ManageEngine ServiceDesk Plus.

Solution: Ensure that the user that you assign to the ManageEngine ServiceDesk Plus app has an account in both Oracle Identity Cloud Service and ManageEngine ServiceDesk Plus with the same email address.

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service ManageEngine ServiceDesk Plus app and ManageEngine ServiceDesk Plus is deactivated.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select ManageEngine ServiceDesk Plus.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the ManageEngine ServiceDesk Plus app using Oracle Identity Cloud Service.

Solution 2:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select ManageEngine ServiceDesk Plus.
  • In the App Details section, select Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.