News & comment posted by Danny Kellett
● Video walkthroughs: SSO enabling AR System
posted by Danny Kellett on 27th February 2011
We've updated our SSO Plugin installation videos with voice commentary and a written transcript.
Enabling SSO on the AR System. Read the commentary.
Integrating Midtier with built-Active Directory integration. Read the commentary.
● Perfect, genuine client example of SSO value add.
posted by Danny Kellett on 9th February 2011
We were asked to conduct a workshop regarding the impact of implementing single sign on (SSO) by a global outsourcing company, where thousands of end user contacts are added frequently, using BMC Service Management Suite (ITSM). They presented the following scenario:
The end user calls the service desk to log an issue. He/she has never logged into SRM - Service Request before, actually not knowing they had the ability to, or what details to use for the login or password.
The service desk agent logs the details into Incident Management
The BMC Remedy application sends an automated email with the URL link for the users convenience
The user receives the email and tries the link. But as they do not know thier login and password, they ring the service desk again to ask for the details
It was soon apparent that the customer was paying for two service desk calls. With the cost of service desk calls as documented by leading analysts rising, it was easy to see why implementing SSO was seen as an instant cost reduction excersise.
The management summary of the presentation is that in many cases, implementing SSO Plugin would reduce their call rate by 50% and increase thier first call resolution rate.
● Active Directory for the AR System administrator
posted by Danny Kellett on 18th January 2011
OK, so you'ave been a workflow guru for a while now. You have read a few ars-list posts about integration with Active Directory or LDAP, you maybe have looked at the ‘OU=’ queries and thought “...yes... hmmmm” but left it at that and decide the detail is for another day.
Then, without warning, you're told: “We need our users in Remedy/AR System/ITSM to sync with AD”, or asked “Why are our usernames different to our domain names?”
Now us AR System administrators are made of some tough stuff. We know it can be done, we have seen posts on lists so we know we don't have to reinvent the wheel and more importantly, we don't want to become AD/LDAP administrators or design corporate networks, we don't want to read the overly detailed Microsoft Technet bibles that are the size of small car, with font sizes of 1 and are known to trigger narcolepsy before the first chapter.
We just want to know enough to get the job done, save a bit of time automating something and of course ticking off another item on the new years resolution list, “Learn some new techie stuff”.
For many things in life, you have to start at the beginning before you can move on to the rest. That start is here. My first, in what I will hope is a series, will be an introduction into AD, the basic terminology and how to query it.
What is Active Directory
If you visit the Microsoft website seeking a definition of AD, you will find words such as hierarchical, distributed, extensible. Then you stumble across terms such as trees, forests and leaves. See what I mean? Confusion from the first step. As promised, I will keep things simple and on a need to know basis. Depending on the version of Windows Server you are using, will depend on what term your AD will be known as. Here are a few: Active Directory Domain Services, Active Directory Lightweight Directory Services, ADAM... The important thing to know, is that all of the above can be explained as a datastore of information. This data is organised into individual objects, each object having certain set of attributes associated with it. For example, in AR System terms, we have an AR System schema, with forms and those forms have fields.
Now I think that's enough boring explanation for the first entry. So now lets see what your domain says about you. If you are using a desktop/laptop that's joined to a domain, you can query using a built in console. If not, but you have network access to a domain, then you can use a Microsoft utility called ldp.exe.
Click the Start button -> Run (or if this has been hidden by your administrators then you can run this command through a cmd.exe or command prompt):
%SystemRoot%\SYSTEM32\rundll32.exe dsquery,OpenQueryWindow
Make sure there are no spaces before or after the comma.
If you see an error message "The Active Directory Domain Service is currently unavailable" then you are not logged into a domain and you will need to use the ldp.exe with a domain login name and password (Will show you that in the next blog).
So now you have the dialog. Put your domain name in the Name field and click Find Now. You should see the results pane with your domain entry. From there you can right click and view the properties etc. There is an Advanced tab where you can specify more search attributes etc. Have a play!
The next blog entry will show you how to query for more interesting data such as new accounts from a specific date, find people with or without an email, find accounts that are disabled etc.
Thanks for your time.
Danny
● Materna Monitor
posted by Danny Kellett on 1st April 2010
Materna, a European reseller, produce an article on the SSO Plugin in their Materna Monitor magazine.