Cayzu Help Desk Support



Configuring SSO for Active Directory (AD) and LDAP (Agent Portal)

Created: 11/27/2017
Article #: 210


How to configure Agent SSO for Microsoft Active Directory (AD) on Windows server 2008.

 

 

NOTE: If you are an existing user of Cayzu's AD script, please note that it was updated Sept 15, 2017.  Download it here

 

Part A: Configuring your Windows Server 2008/ 2012

 

 

Please be sure the following server role is installed:

 

- IIS (must be part of your domain / access to your domain controller)


 

 

 

 

For IIS Roles Services, please make sure to install the following:

- Application Development
- ASP.NET
- ASP
- Server Side Includes
- Windows Authentication

 

After you have installed the roles and services, please configure IIS Server to use "Windows Authentication".

Note: Please disable "Anonymous Authentication".

 


Ex)

 

 

 

 

 

Part B: Download the authentication script on your IIS Server that you setup above.

 

Step 1. Download the ASP authentication script from: 

https://portal.cayzu.com/files/1001/0C7DD7B4-FA1B-4272-9F0C-19A7F8FDC1FB/kb/topics/6135/adauthagent_Sept15_2017.zip

Step 2. Create a new folder in your IIS server root and name it "Cayzu". Ex) c:\inetpub\wwwroot\Cayzu\

Step 3. Unzip the .zip file that you downloaded and move the adauth.asp and CAYZUHMACMD5.dll file into the folder you created in step 2. 

Step 4. Open a command prompt (CMD) window and execute the following:

 

 

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe <PATH_TO_DLL> /codebase

 

Ex)

 

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe c:\inetpub\wwwroot\Cayzu\CAYZUHMACMD5.dll /codebase

 

 

Part C: Enable Simple Agent SSO in Cayzu.

Step 1. Login to Cayzu help desk portal with an administrative account  

Step 2. Click on Sprocket

Step 3. Click on Security from the left menu

Step 4. Check on "Simple SSO (Single Sign On)"

 

Step 5. Set the remote login url to http://yourserver/Cayzu/adauthagent.asp (Note: Please replace yourserver with the name of your IIS Server that will be running the script that you will configure below)

 

 

Part D: Configure the ASP authentication script.

 

 

On your IIS Server:

 

Step 1. Open the adauthagent.asp in Notepad.

Step 2. Replace the two variables, sLdapUsername and sLdapPassword with a domain user that has READ ONLY access to all your user accounts for the LDAP lookup.

Ex)

sLdapUsername = "Cayzu\ReadOnlyAccount"
sLdapPassword  = "Password123"

Step 3. Replace the sSharedSecret variable with your Cayzu Shared Secret token that can be found in the Admin Hub->Security Section. 

Ex)

sSharedSecret = "XYs134bf1dsfads132jknnmsd341d3"

Step 4. Replace the sHelpdeskURL variable with your Cayzu End User Portal URL.

Ex)

sHelpDeskURL = "mycompany"

Step 5. Save the file.

 

 

 

Part E: Executing the script.

Step 1. Open you Internet Browser, and navigate to: http://yourserver/Cayzu/adauthagent.asp

If everything is configured correctly, your browser should auto-redirect you to your help desk and login using your Active Directory account.

 

 

Note: Now on your customer portal, you will see a link for your SSO sign in that the users can use to authenticate with.

 

 

 

Debugging

If you have to debug the script, simply pass the debug parameter with a value of 1.

Ex)

http://yourserver/Cayzu/adauthagent.asp?debug=1

 

 

Need more help setting up? Drop us an email at support@cayzu.com .  

 

 

Have more questions about Cayzu Help Desk? Check us out a www.cayzu.com








Rate this FAQ:
Rating: 0.00 / Votes: 0