You can choose to use Active Directory authentication as its authentication method for ServiceDesk.. You can synchronize ServiceDesk with Active Directory. This synchronization lets you add and update Active Directory users, organizational units, and groups in the Process Manager database. During synchronization, data from Active Directory updates data that are in the Process Manager database. The Process Manager database does not store sensitive information such as passwords.
You add Active Directory synchronization profiles, after you connect ServiceDesk to an Active Directory server. These synchronization profiles let you import the entire Active Directory domain or specific organizational units and groups. These units and groups are not the same as the organizational groups that ServiceDesk uses to categorize users.
The communication between ServiceDesk and Active Directory occurs by means of LDAP queries against the Active Directory database. ServiceDesk provides several ways to initiate the synchronization
The Active Directory synchronization performs the following actions:
Imports and updates the Active Directory users in ServiceDesk
Imports and updates the Active Directory organizational units and groups in ServiceDesk
When you use Active Directory authentication, you still can create user accounts and organizational units in ServiceDesk. For example, you might create an account for a short-term contractor who you do not want to add to Active Directory
After you install ServiceDesk, you can set up your Active Directory server connections, synchronization schedules, and sync profiles. ServiceDesk can then synchronize with Active Directory to obtain new and updated users and groups.
Active Directory synchronization affects the changes and deletions of ServiceDesk user accounts as follows:
When you delete a user from Active Directory, the user is not deleted from ServiceDesk. The user is only disabled in ServiceDesk.
Any changes that you make to a user in ServiceDesk are overwritten during the next synchronization.
If you edit user information or delete a user in Active Directory instead, the information is updated in ServiceDesk during the next synchronization. This rule applies to the users group, manager, and organizational unit information.