Manage Authentications
Concepts
The Service Manager Service Portal Administrator can use the Authentication view to configure and manage the following types of authentication identity servers:
LDAP — the Administrator can configure and manage multiple LDAP (Lightweight Directory Access Protocol) identity servers for an organization. The Administrator can connect multiple LDAP servers by adding configurations and adjusting their relative priority within an organization.
LDAP is used to:
- Authenticate a user's login.
- Authenticate a user's access to information.
- Authorize a user's access to information.
To completely configure Service Manager Service Portal access with LDAP, you must configure LDAP to authenticate a user's login, configure LDAP for an organization to authenticate a user's access to information, and configure access control for an organization to authorize a user's access to information.
Tasks
The Service Manager Service Portal Administrator can perform the following authentication tasks:
- View Authentication Configurations
- Add LDAP Configuration
- Add a SAML Configuration
- Edit an Authentication Configuration
- Delete an Authentication Configuration
View Authentication Configurations
To view all of the authentication configurations for an organization:
- Click the Identity application in the Launchpad.
- In the Organization List view, click the organization that contains the authentication configurations you want to view.
- In the Organization Details view, click Authentication.
The Authentication view is displayed and all of the authentication configurations for the organization are listed.
Add LDAP Configuration
Note: This task assumes you are in the Authentication view for the organization. (See View Authentication Configurations for instructions.)
To configure LDAP for an organization:
- In the Authentication view, click Add Configuration.
- In the Create new Authentication dialog, select LDAP Configuration and then click Create.
- In the LDAP Server Settings dialog, type the values for required fields.
LDAP Server Information
Configure one or more LDAP servers and a user with access to the server.
Item | Description |
---|---|
Display Name | The display name for the LDAP server. |
Hostname | The fully-qualified LDAP server domain name (server.domain.com) or IP address. Example: ldap.xyz.com |
Port | The port used to connect to the LDAP server (by default, 389). Example: 389 |
SSL Connection | If the LDAP server is configured to require ldaps (LDAP over SSL), select the SSL Connection checkbox. |
Base DN | Base distinguished name. The Base DN is the top level of the LDAP directory that is used as the basis of a search. Example: o=xyz.com |
User ID (Full DN) | The fully distinguished name of any user with authentication rights to the LDAP server. If the LDAP server does not require a User ID or password for authentication, this value can be omitted. Example: uid=admin@xyz.com,ou=People,o=xyz.com |
Password | Password of the User ID. If the LDAP server does not require a User ID or password for authentication, this value can be omitted. |
Retype Password | Retype the password of the User ID. |
LDAP Attributes
Enter the names of the attributes whose values are used for email notifications, authentication, and Service Manager Service Portal approvals.
Item | Description |
---|---|
Full Name | The name of the LDAP attribute used to store the full name of the user. Often, this is cn or Display Name, but different LDAP directories may use different attributes. Contact your LDAP administrator to determine the proper Full Name. Default: cn |
User Email | The name of the attribute of a user object that designates the email address of the user. The email address is used for notifications. If a value for this attribute does not exist for a user, the user does not receive email notifications. Default: mail |
Group Membership | The name of the attribute(s) of a group object that identifies a user as belonging to the group. If multiple attributes convey group membership, the attribute names should be separated by a comma. Default: member,uniqueMember |
Manager Identifier | The name of the attribute of a user object that identifies the manager of the user. Default: manager |
Manager Identifier Value | The name of the attribute of a user object that describes the value of the Manager Identifier's attribute. For example, if the value of the Manager Identifier attribute is a distinguished name (such as cn=John Smith, ou=People, o=xyz.com) then the value of this field could be dn (distinguished name). Or, if the Manager Identifier is an email address (such as admin@xyz.com) then the value of this field could be email. Default: dn |
User Avatar | LDAP attribute whose value is the URL to a user avatar image that is displayed for the logged-in user. If no avatar is specified, a default avatar image is used. |
User Login Settings
A user search-based login method is used to authenticate access to information.
Item | Description |
---|---|
User Name Attributes | The name of the attribute of a user object that contains the username that will be used to log in. The value for this field can be determined by looking at one or more user objects in the LDAP directory to determine which attribute consistently contains a unique user name. Often, you will want a User Name Attribute whose value in a user object is an email address. Examples: userPrincipalName or sAMAccountName or uid |
User Searchbase | The location in the LDAP directory where users' records are located. This location should be specified relative to the Base DN. If users are not located in a common directory under the Base DN, leave this field blank. Examples: cn=Users or ou=People |
User Search Filter | Specifies the general form of the LDAP query used to identify users during login. It must include the pattern {0}, which represents the user name entered by the user when logging in. The filter is generally of the form <attribute>={0}, with <attribute> typically corresponding to the value entered for User Name Attribute. Examples: userPrincipalName={0} or sAMAccountName={0} or uid={0} |
Search Option (Search Subtree) | When a user logs in, the LDAP directory is queried to find the user’s account. The Search Subtree setting controls the depth of the search under User Searchbase. If you want to search for a matching user in the User Searchbase and all subtrees under the User Searchbase, make sure the Search Subtree checkbox is selected. If you want to restrict the search for a matching user to only the User Searchbase, excluding any subtrees, unselect the Search Subtree checkbox. |
- Click Save to complete the authentication configuration.
The new LDAP authentication configuration appears in the list of authentications for the organization.
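How the User Login Settings above combine into a single directory search, as an added Python illustration (not Service Manager Service Portal code). It assumes the login name replaces {0} after RFC 4515 escaping and that clearing Search Subtree corresponds to a one-level search; the function names are hypothetical.

```python
# Added illustration; not Service Manager Service Portal code.
# Shows how Base DN, User Searchbase, User Search Filter and Search Subtree
# resolve to the base, scope and filter of one LDAP search at login time.

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}


def escape_filter_value(value):
    """Escape a login name so it is always matched as a literal value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_search(base_dn, user_searchbase, search_filter,
                      search_subtree, login_name):
    """Return (search base, scope, filter) for a user-search-based login."""
    if "{0}" not in search_filter:
        raise ValueError("User Search Filter must include the pattern {0}")
    # User Searchbase is relative to the Base DN; blank means use the Base DN.
    searchbase = user_searchbase.strip()
    base = f"{searchbase},{base_dn}" if searchbase else base_dn
    # Assumption: checkbox selected -> subtree scope, cleared -> one level.
    scope = "sub" if search_subtree else "one"
    # Escape before substitution so filter metacharacters typed at the login
    # prompt cannot change the structure of the query.
    flt = search_filter.replace("{0}", escape_filter_value(login_name))
    if not flt.startswith("("):
        flt = f"({flt})"  # filters are parenthesised when sent to the server
    return base, scope, flt


if __name__ == "__main__":
    # Settings taken from the examples on this page; login names are constructed.
    for name in ("jsmith", "j*smith", "smith (admin)"):
        print(build_user_search("o=xyz.com", "ou=People", "uid={0}", True, name))
```

The resulting base, scope and filter can be passed to any LDAP client to confirm that a known account matches exactly one entry before the configuration is saved.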
Add a SAML Configuration
This task assumes you are in the Authentication view for the organization. (See View Authentication Configurations for instructions.)
To configure SAML for an organization:
- In the Authentication view, click Add Configuration.
- In the Create new Authentication dialog, select SAML Configuration and then click the Create button.
- In the SAML Server Settings dialog, type the values for required fields.
- Click the Save button to complete the authentication configuration.
The new SAML authentication configuration appears in the list of authentications for the organization.
Important: For information about the entire procedure of setting up SAML authentication in Service Manager Service Portal, see the SAML Single Sign-On section in the Service Manager Help Center, published at the Software Documentation Portal.
Edit an Authentication Configuration
Note: This task assumes you are in the Authentication view for the organization. (See View Authentication Configurations for instructions.)
To edit an authentication configuration:
- In the Authentication view, for the authentication configuration to edit, click the edit icon.
- In the LDAP server settings dialog, type your changes, and then click Save to finish and save your changes.
Delete an Authentication Configuration
Note: This task assumes you are in the Authentication view for the organization. (See View Authentication Configurations for instructions.)
To delete an authentication configuration:
- In the Authentication view, for the authentication configuration to delete, click the delete icon.
- Confirm deletion of the authentication configuration.
The Service Manager Service Portal authentication configuration is deleted.
Related Topics
- Manage Organizations – Create, revise, and delete organizations.
- Manage Languages – Add, set as default, and delete languages within a Consumer organization.
- Manage Customizations – Customize various aspects of the organization, such as the Service Manager Service Portal title and welcome message.
- Manage Roles – Associate roles to groups and remove roles from groups.
- Manage Groups – Create, revise, and delete groups within an organization.
- Manage Permissions – Associate groups and permissions to roles and remove groups and permissions from roles.
- Manage Impersonations – For request on behalf, create and delete impersonations.
- Service Manager Service Portal Automation License – Manage Service Manager Service Portal licensing.