ESM Directory

ESM Directory


Role Required
: Organization Admin

The ESM directory is an index of organization level configurations.

From the ESM directory, you can manage your organization details, users, authentication settings, and service desk instances.

You can access the ESM Directory from the ESM Portal page.



You can also access the ESM portal from the left pane in the Self-Service Portal using the  icon.




View your Organization Details 

You can view and edit your organization details from here.

You can update the organization details such as organization name, organization ID, location, email ID, contact information, company logo, and more.

To view your organization details, go to ESM Directory > Organization Details.


Onboard your Team 

You can onboard your team in to ServiceDesk Plus Cloud via email. You can create users manually or import them from Azure or from AD/LDAP.

Users added in the ESM Directory contain organization-level permissions and can be provided with access to various service desk instances.

Add Users Manually

Go to ESM Directory > Users. On the users list view page, click New User.

Fill out the following attributes:

Attribute

Description

Personal Details

Name (Display Name) - Add a preferred name of the user to be displayed elsewhere in the application.

First Name and Last Name - Specify the user's formal first and last names.

Email and Password - Enter the user's login email address and password.

Gender - Specify the user's gender information.

Contact Information

Mention the address, mobile, phone, and skype email address of the user.

Customization

Choose the Time Zone and Language of the user.

Enable Organization Admin privileges for the user, if needed.




An invitation will be sent to the user's specified email address. After the users accept the invitation, they can be added to specific instances.

Import Users from Azure

You can import your users from Azure AD into the ESM Directory using a simple, no-integration feature available to all ESM users.

On the users list view, go to Import Users > Import from Azure.

If you are not pre-authenticated in Microsoft Azure, a one-time popup will appear asking you to authorize your Microsoft account. Click Allow.



You will be directed to the Microsoft authorization page. Sign in to your Microsoft account to link the Zoho IAM account and Microsoft account.

On successful completion of the authorization process, you will be redirected to the Import from Azure page. Select the users you wish to import and click Import Now.


An invitation mail will be sent to the imported users. If the email addresses of the users are in verified domains, they will be added automatically without invitations.
If a user imported from Azure AD is added to an instance and Azure User Sync integration is enabled in the same instance, the user details will be auto-updated from Azure. 


Verify Domains 

ServiceDesk Plus Cloud allows you to add and verify all domains associated with your organization. This will help you instantly onboard users whose email address contains the verified domain name. To verify domains, go to ESM Directory > Verified Domains.

To add the domain URL, click New Domain. After adding a domain, you can verify them using two methods: CNAME method or HTML File method.

CNAME method

HTML File method

Log in to your domain hosting site and locate the DNS management page.

Open a text editor (wordpad/notepad), copy the verification code displayed into the text editor, save the file as "zoho-domain-verification.html". Ensure that the file does not contain any HTML tags.

Log in to your web server and upload the file "zoho-domain-verification.html" in it.

 

Add the CNAME and Value displayed in the application to the respective fields in the DNS management page.

Check if the link shown here is accessible through the internet:

http://listview.com/zoho-domain-verification.html.

 

After an hour, click Verify. Your domain will be verified.

Click Verify.

 

The verified domains are displayed with a green tick on the Status column in the verified domain list view page.



Enable One-Click Login via SAML 

Security Assertion Markup Language (SAML) is an alternative sign-in method that enables users to bypass the conventional practice of entering passwords. You can integrate ServiceDesk Plus Cloud with an identity provider through which users will be authenticated and logged in to the application.
To enable SAML, follow the steps given below:
  1. Verify your Domain
  2. Configure Sub-domain or Custom Domain
  3. Install Identity Provider (IdP)
  4. Configure SAML
Verify Your Domain

SAML authentication can be enabled for your users only if the domains in your organization's purview are verified. You can add and verify your domains via ESM Directory > Verified Domains. More information on domain verification is available here.

Configure Sub-domain or Custom Domain

You will require a sub-domain or a custom domain to enable SAML authentication. If you are configuring a custom domain, add a CName alias that points to customer-sdpondemand.manageengine.com.
To know how to configure sub-domains or custom domains, click here.

Install Identity Provider

ServiceDesk Plus Cloud supports SAML 2.0 and so install a SAML 2.0-compliant Identity Provider in your network. The IdP will handle authentication requests and perform Active Directory/LDAP/custom authentication. After the user is verified, an IdP will instruct the browser to redirect with the response to accounts.zoho.com.

Configure SAML
Use the pointers below to configure SAML 2.0 from the ESM directory.

 

Field

Description

IdP Login URL

Specify the identity provider's login URL & logout URL so that login requests will be redirected accordingly.

IdP Logout URL

IdP's Certificate

Provide the algorithm and the public key certificate of the Identity Provider so that Zoho/ManageEngine can decrypt the SAML responses sent by the identity provider.

Encryption Algorithm

 

Once SAML authentication is configured, your organization users must access ServiceDesk Plus Cloud through the sub-domain or customized domain only.

Import Users from AD 

You can import users from Active Directory to ESM Directory and keep them periodically synced. AD Import of users helps you set up SAML authentication and allows users to log in to ServiceDesk Plus Cloud without credentials.

Prerequisites
  1. Ensure that you have verified at least one domain in the application.  
  2. Download a provisioning app to import users from AD/LDAP.
 To learn in-depth how to download the provisioning app and import users from Active Directory, click here


Active Directory Authentication

To allow users to authenticate with ServiceDesk Plus using their Active Directory credentials, you need to install the Active Directory Federation Service (ADFS) and set up SAML authentication between ServiceDesk Plus and ADFS.

You can set up ADFS as the IdP to allow your users to log in to ServiceDesk Plus with their Active Directory credentials.
Refer here to learn how to set up SAML.

Add Secondary Email to User Accounts

Enable users to log in to the application using their User Principal Name (UPN ID). ServiceDesk Plus Cloud allows SDAdmins/OrgAdmins to add a secondary email to user accounts via CSV import or provisioning tools. However, the user details page does not display the secondary email because it is used only for login purposes.

 OrgAdmin/SDAdmin can update the secondary email of users at any stage via CSV import or provisioning tools. 

Create Service Desk Instances 

An instance is simply a service desk. An organization usually operates using several departments, each managing various business functions. ESM allows you to create separate service desk instances for each of your business functions such as IT, HR, facilities etc. You can configure unique templates, implement custom-made workflows, and add users to each instance based on their service desk operations.

Set up ESM Portal Page 

You can customize the layout and theme of ESM portal. To perform this, you should have technician permissions for the ESM directory.

To go to the ESM Directory, click ESM Directory on the top-right of the ESM portal page. You can also go to the ESM directory from the instances. Click the Instances  icon on the navigation menu and click ESM Directory > ESM Portal.

You can create a custom URL for your domain and customize the layout of the organization portal to change its look and feel. You can also add widgets into the portal for easy access to other services. Based on your role, you can set your preferred landing page for your organization.






    • Related Articles

    • ESM Portal

      After you sign into ServiceDesk Plus Cloud, you will be directed to the ESM portal page. The ESM portal is a central console that lists the service desk instances that are accessible to you. Select the instance where you need help. On the ESM portal ...
    • Zoho Directory

      Zoho Directory is a workforce identity and access management application that allows you to manage all your organization's users across different applications. It is a directory service owned by Zoho that helps in easy user management in ServiceDesk ...
    • Glossary

      This short glossary is a repository of technical terms that are use across ServiceDesk Plus Cloud. Where applicable, information on where the term may be used and the feature that uses it is provided for a better context. A # Active Directory # ...
    • Portals in ServiceDesk Plus Cloud

      Immediately after you log in to ServiceDesk Plus Cloud, you will be directed to the ESM Portal or the Self-Service Portal, depending on your permission scope. If you are added to multiple service desk instances, you will be redirected to the ESM ...
    • Search Knowledge Base

      Search from the home page is a faster way of accessing solutions. The search bar allows you to look for articles from various modules, including Solutions. You can preview the articles by simply clicking them. Click Pop Out  to open the article.     ...