Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Service Manager

Administer > Service Manager Service Portal administration > Service Manager Service Portal admin UI help > Identity > Manage Authentications

Manage Authentications

Concepts

The Service Manager Service Portal Administrator can use the Authentication view to configure and manage the following types of authentication identity servers:

LDAP — the Administrator can configure and manage multiple LDAP (Lightweight Directory Access Protocol) identity servers for an organization. The Administrator can connect multiple LDAP servers by adding configurations and adjusting their relative priority within an organization.

LDAP is used to:

Authenticate a user's login.
Authenticate a user's access to information.
Authorize a user's access to information.

To completely configure Service Manager Service Portal access with LDAP, you must configure LDAP to authenticate a user's login, configure LDAP for an organization to authenticate a user's access to information, and configure access control for an organization to authorize a user's access to information.

Tasks

The Service Manager Service Portal Administrator can perform the following authentication tasks:

View Authentication Configurations
Add LDAP Configuration
Manage Authentications
Manage Authentications
Delete an Authentication Configuration

View Authentication Configurations

To view all of the authentication configurations for an organization:

Click the Identity application in the Launchpad.
In the Organization List view, click the organization that contains the authentication configurations you want to view.
In the Organization Details view, click Authentication.

The Authentication view is displayed and all of the authentication configurations for the organization are listed.

Add LDAP Configuration

Note This task assumes you are in the Authentication view for the organization. (See View Authentication Configurations for instructions.)

To configure LDAP for an organization:

In the Authentication view, click Add Configuration.
In the Create new Authentication dialog, select LDAP Configuration and then click Create.

In the LDAP Server Settings dialog, type the values for required fields.

LDAP Server Information

Configure one or more LDAP servers and a user with access to the server.

Item	Description
Display Name	The display name for the LDAP server.
Hostname	The fully-qualified LDAP server domain name (server.domain.com) or IP address. Example: `ldap.xyz.com`
Port	The port used to connect to the LDAP server (by default, 389). Example: `389`
SSL Connection	If the LDAP server is configured to require ldaps (LDAP over SSL), select the SSL Connection checkbox.
Base DN	Base distinguished name. The Base DN is the top level of the LDAP directory that is used as the basis of a search. Example: `o=xyz.com`
User ID (Full DN)	The fully distinguished name of any user with authentication rights to the LDAP server. If the LDAP server does not require a User ID or password for authentication, this value can be omitted. Example: `uid=admin@xyz.com,ou=People,o=xyz.com`
Password	Password of the User ID. If the LDAP server does not require a User ID or password for authentication, this value can be omitted.
Retype Password	Retype the password of the User ID.

LDAP Attributes

Enter the names of the attributes whose values are used for email notifications, authentication, and Service Manager Service Portal approvals.

Item	Description
Full Name	The name of the LDAP attribute used to store the full name of the user. Often, this is `cn` or Display Name, but different LDAP directories may use different attributes. Contact your LDAP administrator to determine the proper Full Name. Default: `cn`
User Email	The name of the attribute of a user object that designates the email address of the user. The email address is used for notifications. If a value for this attribute does not exist for a user, the user does not receive email notifications. Default: `mail`
Group Membership	The name of the attribute(s) of a group object that identifies a user as belonging to the group. If multiple attributes convey group membership, the attribute names should be separated by a comma. Default: `member,uniqueMember`
Manager Identifier	The name of the attribute of a user object that identifies the manager of the user. Default: `manager`
Manager Identifier Value	The name of the attribute of a user object that describes the value of the Manager Identifier's attribute. For example, if the value of the Manager Identifier attribute is a distinguished name (such as `cn=John Smith, ou=People, o=xyz.com`) then the value of this field could be `dn` (distinguished name). Or, if the Manager Identifier is an email address (such as `admin@xyz.com`) then the value of this field could be `email`. Default: `dn`
User Avatar	LDAP attribute whose value is the URL to a user avatar image that is displayed for the logged-in user. If no avatar is specified, a default avatar image is used.

User Login Settings

A user search-based login method is used to authenticate access to information.

Item	Description
User Name Attributes	The name of the attribute of a user object that contains the username that will be used to log in. The value for this field can be determined by looking at one or more user objects in the LDAP directory to determine which attribute consistently contains a unique user name. Often, you will want a User Name Attribute whose value in a user object is an email address. Examples: `userPrincipalName` or `sAMAccountName` or `uid`
User Searchbase	The location in the LDAP directory where users' records are located. This location should be specified relative to the Base DN. If users are not located in a common directory under the Base DN, leave this field blank. Examples: `cn=Users` or `ou=People`
User Search Filter	Specifies the general form of the LDAP query used to identify users during login. It must include the pattern `{0}`, which represents the user name entered by the user when logging in. The filter is generally of the form `{<attribute>= 0}`, with `<attribute>` typically corresponding to the value entered for User Name Attribute. Examples: `userPrincipalName={0}` or `sAMAccountName={0}` or `uid={0}`
Search Option (Search Subtree)	When a user logs in, the LDAP directory is queried to find the user’s account. The Search Subtree setting controls the depth of the search under User Searchbase. If you want to search for a matching user in the User Searchbase and all subtrees under the User Searchbase, make sure the Search Subtree checkbox is selected. If you want to restrict the search for a matching user to only the User Searchbase, excluding any subtrees, unselect the Search Subtree checkbox.

Click Save to complete the authentication configuration.

The new LDAP authentication configuration appears in the list of authentications for the organization.

Add a SAML Configuration

This task assumes you are in the Authentication view for the organization. (See View Authentication Configurations for instructions.)

To configure SAML for an organization:

In the Authentication view, click Add Configuration.
In the Create new Authentication dialog, select SAML Configuration and then click the Create button.
In the SAML Server Settings dialog, type the values for required fields.
Click the Save button to complete the authentication configuration.

The new SAML authentication configuration appears in the list of authentications for the organization.

Important For information about the entire procedure of setting up SAML authentication in Service Manager Service Portal, see the SAML Single Sign-On section in the Service Manager Help Center, published at the Software Documentation Portal.

Edit an Authentication Configuration

Note This task assumes you are in the Authentication view for the organization. (See View Authentication Configurations for instructions.)

To edit an authentication configuration:

In the Authentication view, for the authentication configuration to edit, click the edit icon.
In the LDAP server settings dialog, type your changes, and then click Save to finish and save your changes.

Delete an Authentication Configuration

Note This task assumes you are in the Authentication view for the organization. (See View Authentication Configurations for instructions.)

To delete an authentication configuration:

In the Authentication view, for the authentication configuration to delete, click the delete icon.
Confirm deletion of the authentication configuration.

The Service Manager Service Portal authentication configuration is deleted.