Active Directory Authentication for SaaS Helpdesk

If your organization uses Microsoft Active Directory, you should not have to force your team onto yet another set of credentials just to submit a support ticket. Jitbit's SaaS helpdesk connects directly to your Active Directory so every user logs in with the Windows account they already have - no new passwords, no manual user provisioning, no friction.

This works through Windows-integrated authentication. A lightweight script runs on your local IIS server, authenticates users against your LDAP directory, and redirects them into the cloud-hosted helpdesk. The entire process is invisible to end users - they click a link and they are in.

Why Active Directory Integration Matters for a SaaS Helpdesk

Most IT teams choose a SaaS helpdesk to eliminate server maintenance, get automatic updates, and reduce overhead. But they still need their internal user directory. Active Directory integration gives you both:

  • Zero password fatigue - employees use their existing Windows credentials to access the helpdesk, which means fewer password-reset tickets and higher adoption rates.
  • Centralized user management - when someone joins or leaves the company, your Active Directory changes propagate automatically. No duplicate user lists to maintain.
  • Security and compliance - authentication stays on your network. Credentials never touch Jitbit's servers. Your existing Group Policies, password complexity rules, and lockout thresholds all still apply.
  • Cloud benefits, on-prem identity - you get the full power of a hosted helpdesk (automatic updates, backups, uptime monitoring) without giving up your local user catalog.

How Active Directory SSO Works with Jitbit

Before this feature existed, connecting Active Directory to a cloud helpdesk required self-hosting the entire application. Jitbit eliminated that tradeoff. Here is how the integration works:

  1. You deploy a small authentication script on any local IIS server (IIS comes included with every Windows Server edition).
  2. When a user navigates to the helpdesk, the script authenticates them against your LDAP/Active Directory using their Windows-integrated account.
  3. The script generates a secure token and redirects the user into the Jitbit SaaS helpdesk - already logged in.

Your IIS server does not need to be in the DMZ or have direct Internet access. The hand-off to the helpdesk is a redirect carried out by the user's browser, so it works right out of the box on your internal network.

Other Single Sign-On Options (SAML, OAuth, and More)

Active Directory via the IIS script is one of several SSO methods Jitbit supports. Depending on your infrastructure, you may also want to consider:

  • SAML 2.0 - works with Azure AD (Microsoft Entra ID), Okta, OneLogin, ADFS, and any SAML-compliant provider. See the full SAML setup guide.
  • "Sign in with Microsoft" and "Sign in with Google" - zero-configuration OAuth options you can enable with a single checkbox.
  • Authentication API - generate secure, time-limited auto-login links for custom integrations. Read the API documentation.

If you already use Azure AD or another cloud identity provider with SAML, that route may be simpler. The IIS-based Active Directory script is ideal when your directory is on-premises and you want a direct LDAP connection without a cloud identity broker.

Setup Instructions: Active Directory Script for SaaS Helpdesk

Step 1: Get the Script

Log in to your Jitbit Helpdesk admin panel. Navigate to Administrator → General Settings and find the "Shared secret for remote authentication" field. The download link for the Active Directory script appears right next to it.

Step 2: Deploy to IIS

  1. Place the downloaded script in a folder on your local IIS server.
  2. Disable anonymous access for that folder (the script must run under Windows-integrated authentication).

Step 3: Configure the Script

Open the script file and set the following variables:

  • sLdapReaderUsername and sLdapReaderPassword - a valid service account for LDAP lookups against your Active Directory.
  • sSharedSecret - the shared secret from your Jitbit admin panel (this must match exactly).
  • sReturnURL - your Jitbit helpdesk URL (e.g., https://yourcompany.jitbit.com/helpdesk/).

Step 4: Test It

Open the script in a browser (e.g., http://yourserver/iis_auth.asp). If everything is configured correctly, you will be authenticated against Active Directory and redirected into the SaaS helpdesk automatically.

For troubleshooting, append ?debug=1 to the URL (e.g., http://yourserver/iis_auth.asp?debug=1) to see diagnostic output.
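
The following is an added example, not part of Jitbit's script or documentation: it applies Step 2 with the IIS WebAdministration cmdlets and reads the settings back, so the folder is confirmed to reject anonymous requests before the Step 4 test. The site name, folder name and physical path are assumptions to replace with your own.

```powershell
# Added example. $Site, $Folder and $PhysicalPath are assumed values.
# Requires an elevated session and the IIS "Windows Authentication" role service.
Import-Module WebAdministration

$Site         = 'Default Web Site'                  # assumed IIS site name
$Folder       = 'helpdeskauth'                      # assumed folder holding the script
$PhysicalPath = 'C:\inetpub\wwwroot\helpdeskauth'   # assumed path of that folder
$AuthRoot     = 'system.webServer/security/authentication'

# Authentication sections are locked to applicationHost.config by default,
# so they are written there under a <location> entry for this folder only.
$Target = @{ PSPath = 'MACHINE/WEBROOT/APPHOST'; Location = "$Site/$Folder" }

function Set-AuthMode {
    param([string]$Section, [bool]$Enabled)
    Set-WebConfigurationProperty @Target -Filter "$AuthRoot/$Section" `
        -Name 'enabled' -Value $Enabled
}

function Get-AuthMode {
    param([string]$Section)
    (Get-WebConfigurationProperty @Target -Filter "$AuthRoot/$Section" -Name 'enabled').Value
}

# Step 2: no anonymous access, Windows-integrated authentication only.
Set-AuthMode -Section 'anonymousAuthentication' -Enabled $false
Set-AuthMode -Section 'windowsAuthentication'   -Enabled $true

# Read the values back and stop if the folder is not in the expected state.
$anon = Get-AuthMode 'anonymousAuthentication'
$win  = Get-AuthMode 'windowsAuthentication'
if ($anon -or -not $win) {
    throw "Unexpected state for '$Site/$Folder': anonymous=$anon windows=$win"
}

# After Step 3 the script file holds sLdapReaderPassword and sSharedSecret in
# clear text, so list who can read or modify the folder and review the result.
(Get-Acl -Path $PhysicalPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

Re-run the two `Get-AuthMode` checks after later IIS changes to confirm that anonymous access has not been switched back on for the folder.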

Frequently Asked Questions

Does my IIS server need to be publicly accessible?

No. Users reach the script from inside your internal network, and their browser carries the redirect to the helpdesk. Your IIS server does not need a public IP address or DMZ placement.

Can I use this with Azure AD instead of on-premises AD?

If your directory is in Azure AD (Microsoft Entra ID), you are better served by the SAML integration, which connects directly without needing a local IIS server.

What about user provisioning?

Users are created automatically in the helpdesk the first time they log in via Active Directory. For automated provisioning and deprovisioning synced with your identity provider, Jitbit also supports the SCIM protocol.

Is this secure?

Yes. Credentials never leave your network - they are validated locally against your LDAP directory. Only a secure, time-limited token is passed to Jitbit's servers. Your existing Active Directory security policies (password complexity, account lockout, multi-factor authentication) remain fully in effect.
