Layton ServiceDesk - FAQ - NTLM (Auto) Login

From Layton Support
(Difference between revisions)
m (Split into "End User" and "Analyst" subsections)
 
(36 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Layton ServiceDesk™ also offers NTLM Auto Login (Single Sign On) which will authenticate by comparing the username of the currently logged in Windows account against the database of users in ServiceDesk. If there is a match, then the user will be automatically logged into the system.
+
<p align="right">[[File:btn_back_up.png|link=User Guide for Layton ServiceDesk]] [[User Guide for Layton ServiceDesk|<u>Back to Contents</u>]]</p>
 +
__FORCETOC__
 +
=Overview=
 +
Layton ServiceDesk also offers NTLM Auto Login (Single Sign On). NTLM Auto Login works by comparing the username of the Windows account running the ServiceDesk web browser session against the database of users in ServiceDesk. If a match is found, then the user will be automatically logged into ServiceDesk.
  
 
Users may either save the NTLM Auto Login URL to their favorites or create a shortcut. Alternatively, you may want to create a link on the initial ServiceDesk login screen that points to the NTLM Login URL. When the user lands on the login screen, rather manually entering their credentials, they will simply click the NTLM Auto Login hyperlink and it will log the user into Layton ServiceDesk using NTLM.
 
Users may either save the NTLM Auto Login URL to their favorites or create a shortcut. Alternatively, you may want to create a link on the initial ServiceDesk login screen that points to the NTLM Login URL. When the user lands on the login screen, rather manually entering their credentials, they will simply click the NTLM Auto Login hyperlink and it will log the user into Layton ServiceDesk using NTLM.
  
 +
=Install Windows Authentication Server Role=
 +
Failure to install the ''Web Server (IIS) > Web Server > Security > Windows Authentication'' server role will result in this error when loading the auto-login page:
 +
 +
    <nowiki>401 – Unauthorized: Access is denied due to invalid credentials.
 +
  (You do not have permission to view this directory or page using the credentials that you supplied).</nowiki>
 +
 +
==Procedure==
 +
#Open Server Manager.
 +
#From the Dashboard, click ''2 Add roles and features''. The ''Add Roles and Features Wizard'' will open.
 +
#In the ''Installation Type'' tab, ensure that the ''Role-based or feature-based installation'' radio button is selected, and click the ''Next >'' button.
 +
#In the ''Server Selection'' tab, ensure that the ''Select a server from the server pool'' radio button is selected, select the server and click the ''Next >'' button.
 +
#In the ''Server Roles'' tab, in the list of Roles, expand ''Web Server (IIS) > Web Server > Security'' and check ''Windows Authentication''. Click the ''Next >'' button.
 +
#In the ''Confirmation'' tab, click the ''Install'' button. The ''Web Server (IIS) > Web Server > Security > Windows Authentication'' server role will be installed.
 +
#When complete, close the ''Add Roles and Features Wizard''.
 +
#Open IIS Manager.
 +
#In the left-hand column, expand ''SERVERNAME > Sites > Default Web Site'' and click the ''LaytonServiceDesk'' virtual directory.
 +
#In the ''IIS'' section in the center column, double-click ''Authentication''.
 +
#In the ''Authentication'' section in the center column, click ''Windows Authentication'' and click the ''Enable'' button in the right-hand column.
 +
#Once enabled, click the ''Providers...'' button in the right-hand column.
 +
#In the ''Providers'' dialog, click ''NTLM'' and the ''Move Up'' button until ''NTLM'' is at the top of the list of Enabled Providers. Click the ''OK'' button.
  
 
=End User NTLM Configuration=
 
=End User NTLM Configuration=
  
==Setting==
+
==Settings==
NTLM is automatically enabled for End Users created using the '''[[Layton ServiceDesk™ - Utilities - LDAP Import End User|LDAP (AD) Import End User]]''' utility. If a user is created manually, then the NTLM setting must be manually enabled as it is turned Off by default. NTLM login may be disabled or enabled and will over-ride the default if set in:
+
NTLM is automatically enabled for End Users created using the '''[[Layton ServiceDesk - Utilities - LDAP Import End User|LDAP (AD) Import End User]]''' utility. If a user is created manually, then the NTLM setting must be manually enabled as it is turned Off by default. NTLM login may be disabled or enabled and will over-ride the default if set in:
'''[[Layton_ServiceDesk™_-_Settings_-_Company_Structure_-_Manage_End_User#Properties|Administration > Company Structure > Manage End User]]'''.
+
'''[[Layton_ServiceDesk_-_Settings_-_Company_Structure_-_Manage_End_User#Properties|Administration > Company Structure > Manage End User]]'''.
  
 
==URL==
 
==URL==
 
NTLM Login URL:
 
NTLM Login URL:
        http://SERVER_NAME/APPLICATION_NAME/EUserAuto.aspx
 
  
So if your ServiceDesk is normally accessed at http://lsdserver/LaytonServiceDesk, then your End User NTLM Login URL would be:
+
    <nowiki>http://SERVER_NAME/APPLICATION_NAME/EUserAuto.aspx</nowiki>
        http://lsdserver/LaytonServiceDesk/EUserAuto.aspx
+
  
 +
So if your ServiceDesk is normally accessed at '''<nowiki>http://lsdserver/LaytonServiceDesk</nowiki>''', then your End User NTLM Login URL would be:
  
 +
    <nowiki>http://lsdserver/LaytonServiceDesk/EUserAuto.aspx</nowiki>
  
 
=Analyst NTLM Configuration=
 
=Analyst NTLM Configuration=
  
 
==Settings==
 
==Settings==
NTLM is automatically enabled for Analysts created using the '''[[Layton ServiceDesk™ - Utilities - Import Analyst (LDAP)|LDAP (AD) Import Analyst]]''' utility. If an Analyst is created manually, then the NTLM setting must be manually enabled as it is turned Off by default. NTLM login may be disabled or enabled and will over-ride the default if set in '''[[Layton_ServiceDesk™_-_Settings_-_Company_Structure_-_Manage_Analyst#General_Settings|Administration > Company Structure > Manage Analyst]]'''.
+
NTLM is automatically enabled for Analysts created using the '''[[Layton ServiceDesk - Utilities - Import Analyst (LDAP)|LDAP (AD) Import Analyst]]''' utility. If an Analyst is created manually, then the NTLM setting must be manually enabled as it is turned Off by default. NTLM login may be disabled or enabled and will over-ride the default if set in '''[[Layton_ServiceDesk_-_Settings_-_Company_Structure_-_Manage_Analyst#General_Settings|Administration > Company Structure > Manage Analyst]]'''.
  
 
==URL==
 
==URL==
 
NTLM Login URL:
 
NTLM Login URL:
        http://SERVER_NAME/APPLICATION_NAME/UserAuto.aspx
 
 
So if your ServiceDesk is normally accessed at http://lsdserver/LaytonServiceDesk, then your Analyst NTLM Login URL would be:
 
        http://lsdserver/LaytonServiceDesk/UserAuto.aspx
 
  
 +
    <nowiki>http://SERVER_NAME/APPLICATION_NAME/UserAuto.aspx</nowiki>
  
 +
So if your ServiceDesk is normally accessed at '''<nowiki>http://lsdserver/LaytonServiceDesk</nowiki>''', then your Analyst NTLM Login URL would be:
  
 +
    <nowiki>http://lsdserver/LaytonServiceDesk/UserAuto.aspx</nowiki>
  
 
=Optional Settings=
 
=Optional Settings=
If NTLM authentication has been implemented, then you may want to disable the manual login process as it may no longer be necessary in your organization. This is done by removing the End User Login and Registration links from the ServiceDesk login screen in '''[[Layton ServiceDesk™ - Settings - Form Design - Login|Administration > Form Design > Login]]'''.
+
If NTLM authentication has been implemented, then you may want to disable the manual login process as it may no longer be necessary in your organization. This is done by removing the End User Login and Registration links from the ServiceDesk login screen in '''[[Layton ServiceDesk - Settings - Form Design - Login|Administration > Form Design > Login]]'''.
 
+
=URLs for NTLM Auto Login=
+
 
+
 
+
 
+
 
+
 
+
 
+
  
 
=Post-NTLM Login Redirection=
 
=Post-NTLM Login Redirection=
 +
==End User==
 +
===Format===
 
You may also create a URL which will redirect the user to a specific webpage in ServiceDesk after NTLM authentication completes. The benefit of configuring the NTLM Login Redirection is that it will provide the intended webpage regardless of whether the End User is already logged into ServiceDesk or not.
 
You may also create a URL which will redirect the user to a specific webpage in ServiceDesk after NTLM authentication completes. The benefit of configuring the NTLM Login Redirection is that it will provide the intended webpage regardless of whether the End User is already logged into ServiceDesk or not.
  
For example, in '''[[Layton ServiceDesk™ - Settings - Libraries - Email Settings & Bodies|Email Settings & Bodies]]''', the standard (non-NTLM) URL to link an End User directly to his request is as follows:
+
For example, the standard (non-NTLM) URL to link an End User directly to Request ID 7153 is as follows:
 +
 
 +
    <nowiki>http://SERVER_NAME/LaytonServiceDesk/EReqInfo.aspx?sys_request_id=7153</nowiki>
  
        http://SERVER_NAME/LaytonServiceDesk/EReqInfo.aspx?sys_request_id={{sys_request_id}}
+
This will successfully load Request ID 7153 for the End User if he is already logged into ServiceDesk. A problem arises, however, when the End User is not already logged into ServiceDesk. If he is not currently logged in, he will be directed instead to the ServiceDesk user not authenticated page: ''Your login has timed out or you have tried to access a page directly without logging in''.
  
 +
The End User will be required to login first, and then he may go back to click the hyperlink and finally access Request 7153.
  
If this Email Notification was generated from Request ID 7153, then ''{{sys_request_id}}'' would be replaced with ''7153'' to yield the actual URL in the email body:
+
To resolve this issue, we use the '''NTLM Login Redirection''' URL to redirect a user to the specific webpage in ServiceDesk after the NTLM Auto-Login is complete. This is done by simply appending the following to the end of your NTLM login URL:
  
        http://SERVER_NAME/LaytonServiceDesk/EReqInfo.aspx?sys_request_id=7153
+
    <nowiki>?fwd=<your URL here></nowiki>
  
 +
Working from the previous example, if you wanted to provide an End User with a direct link to Request ID 7153, and at the same time allow NTLM Auto Login the URL would be formatted this way:
  
This will successfully load Request ID 7153 for the End User if he is already logged into ServiceDesk. A problem arises when the End User is not already logged into ServiceDesk. If he is not already logged in, when he clicks this URL in his email, he will be directed instead to the ServiceDesk user not authenticated page: ''Your login has timed out or you have tried to access a page directly without logging in''. This will require a manual login, at which point the End User may go back to his email to access the Request.
+
    <nowiki>http://SERVER_NAME/LaytonServiceDesk/EUserAuto.aspx?fwd=http://SERVER_NAME/LaytonServiceDesk/EReqInfo.aspx?sys_request_id=7153</nowiki>
  
To resolve this issue, a '''NTLM Login Redirection''' URL may be configured to redirect a user to the specific webpage in ServiceDesk after the NTLM authentication logs the user in. This is done by simply appending the following to the end of your NTLM login URL:
+
Note that the full URL as above will appear in the browser's address bar, but once the Request is closed, the direct link will be removed.
  
        ?fwd=<your URL here>
+
===Usage===
 +
The email body is modified to embed the URL.
  
 +
#Go to '''[[Layton ServiceDesk - Settings - Libraries - Email Settings & Bodies - Editing|Administration > Libraries > Email Settings & Bodies]]'''.
 +
#Click the Edit button [[File:Lsd btn edit 16px.png|link=]] for the Request Class you want to add a link to.
 +
#A suggested link text would be the Request ID. In this example, the token ''&#123;&#123;sys_request_id&#125;&#125;'' has been selected and the Hyperlink button has been clicked:<br /><p>[[File:Lsd ntlm link01.png|link=]]<br /></p>
 +
#Enter this URL in the ''URL'' field, where ''SERVER_NAME'' is the name of your server:<br /><p>'''<nowiki>http://SERVER_NAME/LaytonServiceDesk/EUserAuto.aspx?fwd=http://SERVER_NAME/LaytonServiceDesk/EReqInfo.aspx?sys_request_id=&#123;&#123;sys_request_id}}</nowiki>'''<br /></p>
 +
#Click the Save button [[File:Lsd btn save.png|link=]] to save the email body.
  
Working from the previous example, if you wanted to add a hyperlink to your Email Notifications to give the End Users direct access to the request, the URL would be formatted this way:
+
==Analyst==
 +
All the above applies, but substitute the filename ''ReqInfo.aspx'' for ''EReqInfo.aspx''.
  
        http://SERVER_NAME/LaytonServiceDesk/EUserAuto.aspx?fwd=http://SERVER_NAME/LaytonServiceDesk/EReqInfo.aspx?sys_request_id={{sys_request_id}}
+
=Manual Login=
 +
If for any reason an Analyst or End User needs to log in manually, they can log in manually. See '''[[Layton ServiceDesk - FAQ - Manual Login|this article]]''' for details.
 +
<p align="right">[[File:btn_back_up.png|link=User Guide for Layton ServiceDesk]] [[User Guide for Layton ServiceDesk|<u>Back to Contents</u>]]</p>
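Review bot: The "?fwd=" examples added under Format and Usage embed a second absolute URL, with its own "?sys_request_id=" query string, unencoded inside the first one. Any further "&"-separated parameter in the forwarded URL would then be parsed as a parameter of EUserAuto.aspx rather than of EReqInfo.aspx. Suggest stating whether the fwd value should be percent-encoded and that it must point at the same ServiceDesk server as the login page. Separately, the new Manual Login sentence ("needs to log in manually, they can log in manually") is circular and could be reduced to the link to the Manual Login article.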

Latest revision as of 01:36, 24 May 2022

Overview

Layton ServiceDesk also offers NTLM Auto Login (Single Sign On). NTLM Auto Login works by comparing the username of the Windows account running the ServiceDesk web browser session against the database of users in ServiceDesk. If a match is found, then the user will be automatically logged into ServiceDesk.

Users may either save the NTLM Auto Login URL to their favorites or create a shortcut. Alternatively, you may want to create a link on the initial ServiceDesk login screen that points to the NTLM Login URL. When the user lands on the login screen, rather than manually entering their credentials, they will simply click the NTLM Auto Login hyperlink and it will log the user into Layton ServiceDesk using NTLM.

Install Windows Authentication Server Role

Failure to install the Web Server (IIS) > Web Server > Security > Windows Authentication server role will result in this error when loading the auto-login page:

   401 – Unauthorized: Access is denied due to invalid credentials.
   (You do not have permission to view this directory or page using the credentials that you supplied).

Procedure

  1. Open Server Manager.
  2. From the Dashboard, click 2 Add roles and features. The Add Roles and Features Wizard will open.
  3. In the Installation Type tab, ensure that the Role-based or feature-based installation radio button is selected, and click the Next > button.
  4. In the Server Selection tab, ensure that the Select a server from the server pool radio button is selected, select the server and click the Next > button.
  5. In the Server Roles tab, in the list of Roles, expand Web Server (IIS) > Web Server > Security and check Windows Authentication. Click the Next > button.
  6. In the Confirmation tab, click the Install button. The Web Server (IIS) > Web Server > Security > Windows Authentication server role will be installed.
  7. When complete, close the Add Roles and Features Wizard.
  8. Open IIS Manager.
  9. In the left-hand column, expand SERVERNAME > Sites > Default Web Site and click the LaytonServiceDesk virtual directory.
  10. In the IIS section in the center column, double-click Authentication.
  11. In the Authentication section in the center column, click Windows Authentication and click the Enable button in the right-hand column.
  12. Once enabled, click the Providers... button in the right-hand column.
  13. In the Providers dialog, click NTLM and the Move Up button until NTLM is at the top of the list of Enabled Providers. Click the OK button.
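
The same procedure scripted in PowerShell, as an added example rather than part of the Layton documentation. It assumes an elevated session on the IIS server and the site and virtual directory names used on this page (Default Web Site, LaytonServiceDesk).

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Server Manager / IIS Manager steps.
$ErrorActionPreference = 'Stop'

# Assumed names, taken from this page; adjust if your site differs.
$location  = 'Default Web Site/LaytonServiceDesk'
$section   = 'system.webServer/security/authentication/windowsAuthentication'
$providers = "$section/providers"

# Steps 1-7: install the Windows Authentication role service if it is missing.
if (-not (Get-WindowsFeature -Name Web-Windows-Auth).Installed) {
    Install-WindowsFeature -Name Web-Windows-Auth | Out-Null
}

Import-Module WebAdministration

# Steps 8-11: enable Windows Authentication for the virtual directory only.
# The section is locked below server level by default, so the change is
# written to applicationHost.config under a <location> tag.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
    -Filter $section -Name enabled -Value $true

# Steps 12-13: rebuild the provider list with NTLM first, keeping the others.
$current = @(Get-WebConfiguration -PSPath 'IIS:\' -Location $location `
    -Filter "$providers/add" | ForEach-Object { $_.value })
$ordered = @('NTLM') + @($current | Where-Object { $_ -ne 'NTLM' })

Remove-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
    -Filter $providers -Name '.'
foreach ($name in $ordered) {
    Add-WebConfiguration -PSPath 'IIS:\' -Location $location `
        -Filter $providers -Value $name
}

# Report the resulting state so it can be compared with the IIS Manager view.
[pscustomobject]@{
    Location           = $location
    WindowsAuthEnabled = (Get-WebConfigurationProperty -PSPath 'IIS:\' `
        -Location $location -Filter $section -Name enabled).Value
    Providers          = (Get-WebConfiguration -PSPath 'IIS:\' -Location $location `
        -Filter "$providers/add" | ForEach-Object { $_.value }) -join ', '
}
```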

End User NTLM Configuration

Settings

NTLM is automatically enabled for End Users created using the LDAP (AD) Import End User utility. If a user is created manually, then the NTLM setting must be enabled manually, as it is turned off by default. NTLM login may be enabled or disabled per End User, overriding the default, in Administration > Company Structure > Manage End User.

URL

NTLM Login URL:

   http://SERVER_NAME/APPLICATION_NAME/EUserAuto.aspx

So if your ServiceDesk is normally accessed at http://lsdserver/LaytonServiceDesk, then your End User NTLM Login URL would be:

   http://lsdserver/LaytonServiceDesk/EUserAuto.aspx

Analyst NTLM Configuration

Settings

NTLM is automatically enabled for Analysts created using the LDAP (AD) Import Analyst utility. If an Analyst is created manually, then the NTLM setting must be enabled manually, as it is turned off by default. NTLM login may be enabled or disabled per Analyst, overriding the default, in Administration > Company Structure > Manage Analyst.

URL

NTLM Login URL:

   http://SERVER_NAME/APPLICATION_NAME/UserAuto.aspx

So if your ServiceDesk is normally accessed at http://lsdserver/LaytonServiceDesk, then your Analyst NTLM Login URL would be:

   http://lsdserver/LaytonServiceDesk/UserAuto.aspx

Optional Settings

If NTLM authentication has been implemented, then you may want to disable the manual login process as it may no longer be necessary in your organization. This is done by removing the End User Login and Registration links from the ServiceDesk login screen in Administration > Form Design > Login.

Post-NTLM Login Redirection

End User

Format

You may also create a URL which will redirect the user to a specific webpage in ServiceDesk after NTLM authentication completes. The benefit of configuring the NTLM Login Redirection is that it will provide the intended webpage regardless of whether the End User is already logged into ServiceDesk or not.

For example, the standard (non-NTLM) URL to link an End User directly to Request ID 7153 is as follows:

   http://SERVER_NAME/LaytonServiceDesk/EReqInfo.aspx?sys_request_id=7153

This will successfully load Request ID 7153 for the End User if he is already logged into ServiceDesk. A problem arises, however, when the End User is not already logged into ServiceDesk. If he is not currently logged in, he will be directed instead to the ServiceDesk user not authenticated page: Your login has timed out or you have tried to access a page directly without logging in.

The End User will be required to log in first, and then he may go back to click the hyperlink and finally access Request 7153.

To resolve this issue, we use the NTLM Login Redirection URL to redirect a user to the specific webpage in ServiceDesk after the NTLM Auto-Login is complete. This is done by simply appending the following to the end of your NTLM login URL:

   ?fwd=<your URL here>

Working from the previous example, if you wanted to provide an End User with a direct link to Request ID 7153, and at the same time allow NTLM Auto Login, the URL would be formatted this way:

   http://SERVER_NAME/LaytonServiceDesk/EUserAuto.aspx?fwd=http://SERVER_NAME/LaytonServiceDesk/EReqInfo.aspx?sys_request_id=7153

Note that the full URL as above will appear in the browser's address bar, but once the Request is closed, the direct link will be removed.

Usage

The email body is modified to embed the URL.

  1. Go to Administration > Libraries > Email Settings & Bodies.
  2. Click the Edit button for the Request Class you want to add a link to.
  3. A suggested link text would be the Request ID. In this example, the token {{sys_request_id}} has been selected and the Hyperlink button has been clicked.
  4. Enter this URL in the URL field, where SERVER_NAME is the name of your server:

    http://SERVER_NAME/LaytonServiceDesk/EUserAuto.aspx?fwd=http://SERVER_NAME/LaytonServiceDesk/EReqInfo.aspx?sys_request_id={{sys_request_id}}

  5. Click the Save button to save the email body.

Analyst

All the above applies, but substitute the filename ReqInfo.aspx for EReqInfo.aspx.
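
A pre-flight check for redirect links before they go into an email body, as an added example that is not part of the Layton documentation or product. It assumes the page pairing described above (EUserAuto.aspx with EReqInfo.aspx, UserAuto.aspx with ReqInfo.aspx); the sample URLs are constructed and the tab parameter is hypothetical.

```powershell
# Added example: validate an NTLM redirect link of the form described above.
Add-Type -AssemblyName System.Web

# Login page -> request page pairing, as described in this article.
$LsdPairs = @{ 'EUserAuto.aspx' = 'EReqInfo.aspx'; 'UserAuto.aspx' = 'ReqInfo.aspx' }

function Test-LsdForwardLink {
    param([Parameter(Mandatory)][string]$Url)

    $outer = [uri]$Url
    $loginPage = $outer.Segments[-1]
    if (-not $LsdPairs.ContainsKey($loginPage)) { return 'not an NTLM auto-login URL' }

    $query = [System.Web.HttpUtility]::ParseQueryString($outer.Query)
    $inner = $null
    if (-not [uri]::TryCreate([string]$query['fwd'], [UriKind]::Absolute, [ref]$inner)) {
        return 'fwd is missing or not an absolute URL'
    }

    $problems = @()
    # The forwarded page should live on the same ServiceDesk server.
    if ($inner.Scheme -ne $outer.Scheme -or $inner.Authority -ne $outer.Authority) {
        $problems += "fwd points at $($inner.Authority), not $($outer.Authority)"
    }
    # End User and Analyst links use different request pages.
    if ($inner.Segments[-1] -ne $LsdPairs[$loginPage]) {
        $problems += "$loginPage should forward to $($LsdPairs[$loginPage])"
    }
    $innerQuery = [System.Web.HttpUtility]::ParseQueryString($inner.Query)
    if (-not $innerQuery['sys_request_id']) { $problems += 'fwd has no sys_request_id' }
    # Anything after an unencoded '&' is parsed as a parameter of the login page.
    $stray = @($query.AllKeys | Where-Object { $_ -ne 'fwd' })
    if ($stray) { $problems += "parameters outside fwd: $($stray -join ', ')" }
    return $problems
}

# Constructed sample links, using the lsdserver host from this page.
$base = 'http://lsdserver/LaytonServiceDesk'
$samples = @(
    "$base/EUserAuto.aspx?fwd=$base/EReqInfo.aspx?sys_request_id=7153",
    "$base/UserAuto.aspx?fwd=$base/EReqInfo.aspx?sys_request_id=7153",
    "$base/EUserAuto.aspx?fwd=http://other.example/LaytonServiceDesk/EReqInfo.aspx?sys_request_id=7153",
    "$base/EUserAuto.aspx?fwd=$base/EReqInfo.aspx?sys_request_id=7153&tab=notes"
)
foreach ($u in $samples) {
    $p = @(Test-LsdForwardLink -Url $u)
    [pscustomobject]@{
        Result = if ($p.Count) { $p -join '; ' } else { 'OK' }
        Url    = $u
    }
}
```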

Manual Login

If for any reason an Analyst or End User needs to log in manually, they can still do so. See the Layton ServiceDesk - FAQ - Manual Login article for details.
