To allow users from Azure Active Directory to access the ServiceDesk Plus application via SAML authentication, you must configure ServiceDesk Plus as an enterprise application in Azure.
Follow the steps given below to configure ServiceDesk Plus as a service provider in Azure.
Before starting the configuration process, make sure that the ServiceDesk Plus application runs in HTTPS mode.
Log in to your Azure domain.
Under Azure Services, click Enterprise Applications.

Click New Application.

On the displayed page, click Create your own application.
Provide a name for your application.
Choose Integrate any other application you don't find in the gallery and click Create.

On the next window, click Single sign-on > SAML.

On the next page, edit Step 1 and paste the Entity ID and Assertion URL from ServiceDesk Plus.
Under Logout URL, paste the Single Logout Service URL of ServiceDesk Plus.
Click Save.

Edit Step 2 and click Unique User Identifier.
On the displayed window, choose the name identifier format. ServiceDesk Plus supports persistent, email address, and unspecified name identifier formats for login. The following table shows the difference in configuration between the supported formats.
| Persistent | Email Address | Unspecified |
| --- | --- | --- |
| Choose this if you want to log in using the login name configured in ServiceDesk Plus. | Choose this if you want to log in using the email address configured in ServiceDesk Plus. | Choose this if you want to log in using the User Principal Name of your Active Directory account imported into ServiceDesk Plus. |
| If the user accounts in ServiceDesk Plus have an associated domain, select Email Address as the name identifier format. If the user accounts in ServiceDesk Plus do not have an associated domain, select the source attribute that matches the login name in ServiceDesk Plus. | Select the Source as Attribute and Source Attribute as user.mail. | Select the Source as Attribute and Source Attribute as user.userprincipalname. |
Click Save.


Add additional attributes under Additional Claims. The service provider (SP) uses these attributes to create a complete profile for dynamic users.
To add additional attributes, click Add new claim.
Provide a name. This will be used by the SP to fetch the value for that corresponding field.
If you want to send the claim as URI, choose URL prefix under Namespace.
Select the Source as Attribute.
Choose Source Attribute.


Edit Step 3 and select SHA-256 as algorithm. Ensure that you choose the same algorithm in ServiceDesk Plus.
Click > Raw certificate download to download the certificate. You have to upload this certificate in the configuration page of ServiceDesk Plus.
Click Save.

Copy the Login URL and paste it into ServiceDesk Plus. Note that you must paste this Login URL as both the login URL and the logout URL in ServiceDesk Plus.

Click Users and Groups from the left panel to add various users to the application.

You have now configured ServiceDesk Plus as a service provider in Azure.
Go to the SAML configuration page in ServiceDesk Plus and provide the IdP details to configure SAML authentication with Azure as the identity provider.
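To confirm that the name identifier format from Step 2 and the SHA-256 setting from Step 3 took effect, you can inspect an assertion captured from a test login. The Python sketch below is an added example, not part of the ServiceDesk Plus or Azure documentation: the function names and the sample assertion are constructed, an RSA signing certificate is assumed, and the script only reads the declared formats and algorithms without verifying the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# URIs of the three name identifier formats the page lists as supported.
SUPPORTED_NAMEID = {
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}
# XML-DSig URIs for a SHA-256 signing setup (assumption: RSA signing key).
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

def check_assertion(xml_text):
    """Return a list of findings; an empty list means the settings match."""
    root = ET.fromstring(xml_text)
    findings = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        findings.append("no NameID in Subject")
    elif name_id.get("Format") not in SUPPORTED_NAMEID:
        findings.append("unsupported NameID format: %s" % name_id.get("Format"))
    sig = root.find(".//ds:SignedInfo/ds:SignatureMethod", NS)
    dig = root.find(".//ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    if sig is None or dig is None:
        findings.append("no signature metadata found")
    else:
        if sig.get("Algorithm") != RSA_SHA256:
            findings.append("signature algorithm is not RSA-SHA256")
        if dig.get("Algorithm") != SHA256:
            findings.append("digest algorithm is not SHA-256")
    return findings

def sample_assertion(nameid_format, sig_alg=RSA_SHA256, digest_alg=SHA256):
    """Constructed sample; signature and digest values are left out."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="{sig_alg}"/>
    <ds:Reference><ds:DigestMethod Algorithm="{digest_alg}"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject>
    <saml:NameID Format="{nameid_format}">user@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

if __name__ == "__main__":
    email = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    print(check_assertion(sample_assertion(email)))
    sha1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
    print(check_assertion(sample_assertion(email, sig_alg=sha1)))
```

A finding about the algorithm means the Step 3 selection in Azure and the algorithm chosen in ServiceDesk Plus should be rechecked so that both sides use SHA-256.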