Forum Discussion

Chris Stewart2
New Member
8 years ago

How can I allow AD users to log in to the service desk when working externally from the office?

I have followed the GoToAssist documentation on setting the system up for auto creation of the users with Active Directory. This works well and users are able to go to a friendly URL when within the company network and automatically get passed through to the system so they can see the status of their calls or log new ones. However, if a user goes to companyname.assist.com when they are external to the network to check on a call status or log another call, it does not accept their password. Is there any way I can get it so that they can reach this URL and be able to log in entering their company username and password? Thank you for your help.
  • GlennD
    GoTo Manager
    Hi Chris,

    I've reached out to our support team for some assistance with this one and there are some limitations with SSO implementation currently. If the customers were created using the customer AD pass through, it is currently not possible for them to log in from outside the network with those credentials. Once they are created that way we pass the authentication off to IIS, so a VPN would be required.
    • You could delete them all and recreate the accounts by importing the list of customers rather than use IIS. They could still log in via the IIS pass through, but if the accounts are created outside of automatically, then they can log in just at the portal as well.
    • The second option is, as I mentioned already, to have them connect via a VPN or log in to a local computer using remote access (GoToMyPC etc.)
    • Haq Saq
      New Member

      Hi @GlennD

      I think this is a good compromise until you hit a key barrier:

      We have employed your option 1 and therefore now we have the internal AD login enabled and successful. However, when we create new users, this sends them an invitation. Rather than reading the invitation and actioning upon it, they will access the helpdesk through the IIS page or by clicking on Active Directory login on the page, and overwrite the account we created for them. If they later (2 minutes later) decide to create a password for the account in case they need access to the helpdesk outside the office (and without VPN), they can't use the activation link anymore. The link now says the account is already activated and the user has never set up a known password. If the user then tries to log in through the internet portal and clicks on the "Forgotten Password" link, they'll receive a message: "Could not find a user with that email address."

      Isn't there any way we can just have both without forcing the user to do anything first? This is really rather frustrating, not knowing what account is being used - i.e. self registered or the one IT created.

      Thanks,

      Haq

      • GlennD
        GoTo Manager

        Thanks for the detailed feedback Haq Saq, I am sharing it with our SSO team to see if they have any suggestions or news that I can share about any improvements coming to our SSO implementation.

  • Hi Glenn, thanks for the response. They aren't connected via VPN. We were hoping that you could still go to the direct link and log in using the account created by the SSO registration process. Is this not the case? Ideally users would be able to log in on their phones or other devices while on the move without the need to first create a VPN connection.
  • GlennD
    GoTo Manager
    Hi Chris,

    Are these users connected to your network via a VPN? If not, I believe that will be your issue.