Active Directory Integration

With Trakdesk Single Sign On capabilities, you can use your own applications or server like (Microsoft Active Directory) to authenticate users to your helpdesk without having to enter a separate username and password. 

This article describes how to configure SSO for Microsoft Active Directory on Windows server 2008.

Configuring your Windows Server

You need IIS and ASP installed on your Windows server for this to work. Your IIS server has to be part of your domain and have access to your domain controller.

For the IIS Roles Services, install the following;

• Application Development
• ASP.NET
• ASP
• Server Side Includes
• Basic Authentication

Once the roles and services has been installed, you then have to configure the authentication of your IIS server. Trakdesk works with the "Basic Authentication". 

Note: Make sure to disable Anonymous Authentication or else users will not get prompted to enter their Windows username and password and will lead to a failed login.

Enabling Simple SSO

• Login to your helpdesk as an administrator.
• Go to the Admin Page.
• Select the Security Settings option. Enable Single Sign On and select Simple SSO.
  

Downloading and configuring the authentication script

• Download the ASP authentication script from this link:https://d2vsckke8ub29r.cloudfront.net/apps/ms_active_directory/trakdesk_ms_active_directory_auth.zip
• Unzip the .zip file and and copy the auth.asp file. 
• Create a new folder in your IIS server root and name it "trakdesk". Example; c:\insetpub\wwwroot\trakdesk\
• Place the script into the trakdesk folder.

Once done, open the script in Notepad or any other text editor. 

• Configuring a username and password 

  ' Credentials for a domain user for LDAP access
    sLdapReaderUsername = "Domain\Username"
    sLdapReaderPassword = "Password"

  Enter a valid username and password that has READ ONLY access to all user accounts for the LDAP lookup.
  
• Configuring your SSO secret and helpdesk URL

  ' Shared secret from the remote authentication page
     sSharedSecret = "YOUR_SHARED_SECRET"
     sHelpdeskURL = "YOUR_TRAKDESK_URL/auth/sso"

  Enter your SSO Shared Secret and your helpdesk URL. You can find your SSO Shared Secret in Admin -> Security Settings.
  
  Helpdesk URL example: https://subdomain.trakdesk.com/auth/sso
  

Once completed, save the file and execute the script. You can execute the script in your browser. 

For example: http://yourserver/trakdesk/auth.asp

If properly configured, your browser will redirect and automatically authenticate you to your helpdesk using your MS Active Directory account.

Debugging

For debugging, you can call the script with debug=1. 

For example: http://yourserver/trakdesk/auth.asp?debug=1

DEBUG: TRAKDESK\test - should be of the form DOMAIN\username - if blank, your IIS probably allows anonymous access to this file.
DEBUG: DomainContainer: DC=Trakdesk,DC=com
DEBUG: Full name: Test User
DEBUG: Email: test@trakdesk.com
DEBUG: Redirecting to: https://domain.trakdesk.com/auth/sso?full_name=Test&email=test%40trakdesk%2Ecom&tstp=1465970777&hash=46f0ed5372e1d22d87658f90d4be468d

Note: Your IIS server does not need to have access to the internet for this script to work.