Signing up
You can get look at all the features and sign up here.
Accessing the help desk
You can start by logging in at on.spiceworks.com. This will log you in and take you to your ticket listing.
Setting up the help desk
Now that you’ve signed up and logged in, it’s time to get down to business and get your help desk set up. Start by navigating to the Settings page by clicking the link in the left nav bar.
- Employee Administration: This is where you can add your additional help desk staff. Simply click Add employee and enter their name, email address, role and hourly rate (if you need to keep track of ticket costs). They’ll receive an email from Spiceworks with a link to register their account and choose a password.
- Admin: Admins have access to all of the help desk. They can see and edit all tickets, edit settings, and view all reports and exports.
- Manager: Managers can see and edit all tickets, reports and exports. They cannot edit global settings.
- Tech: Techs can only see and edit tickets where they are the ticket creator, assignee, or a CC’d user. They cannot delete tickets, edit global settings, or access Exports.
- Owner: Owner is an admin that can’t be deleted. To make someone else the Owner, the current owner must login and add or edit another employee as Owner.
Deleting employees To delete an admin, manager, or tech, click Delete next to their name. You cannot delete the Owner user, or the user you are logged in with.
- Organizations: Organizations are your way to manage multiple clients or sites. You can set up as many organizations as you need and each one will have its own email address, attributes, user portal,
categories, etc. Just click the “+” next to Organizations and choose a name and email address (NOTE: The first character of an organization email must be a letter and not a number, all characters must be alphanumeric (can include a dash), lowercase, and contain at least four characters.)
Submitting tickets
There are 3 ways for tickets to get to your help desk. You can create them yourself (the ol’ drive-by ticket), you and your end users can email them, or they can submit them through a user portal.
Creating tickets yourself
Let’s hope you never need to know how to do this. End-users can be self-sufficient, right? I know… Sigh. Anyway, when you’re looking at the ticket table in the help desk, there’s a + New Ticket button. Click that.
Now just fill out the fields on that form and click Save. Now your ticket is listed in the ticket table. Pretty easy, even though it is mildly inconvenient for you to do this yourself.
Emailing tickets
This will be one of the two ways that you want to receive tickets. Your users email you their problems, and you’ll only need to add the attributes you deem important. Your end users just need to email the address you created for the organization and you’ve got yourself a ticket that you can respond to through the help desk or directly from email. Check out the customizing and working the help desk doc for more tips and tricks.
You can help prevent spam tickets by using the incoming email whitelist setting. Just navigate to Settings, choose the organization you want to create the whitelist for and then click Edit next to Email Settings. Now just enter the domains you want to be able to submit tickets. Emails sent from any other domain will be rejected.
Submitting through the user portal
This is another convenient method for your end users to submit tickets. Basically, they’ll go to your portal (whatever your help desk url is with /portal at the end), fill out the form and a new ticket is born. Your end users don’t need to be added to your help desk or have passwords to remember or anything. They’ll either enter their email address or submit tickets anonymously. Your users can also use the user portal to view their tickets (open and closed) and get details like who is working on it, due date, activity, and more.
You can edit the text displayed in your user portal from the Settings page. Just choose the organization and then you can click the fields in the user portal section to edit them.
- Page Title: This appears at the very top of the portal. Use this to identify your company and the fact that this is indeed a ticketing system.
- Form Title: This is the text that will appear just above the ticket form. Use this to title the actual ticket form.
- Form Message: This text appears just below the form title. Use it to indicate that these fields constitute a ticket and will lead to the end-user getting their problem addressed and solved.
- Success Title: This is the message your end users will see after the ticket has been successfully submitted. You can use this text to be sarcastic and congratulate them for correctly clicking a submit button, or be professional and let them know that their ticket has been received and that they should expect help shortly. Your call.
- Displayed Email: There’s a little box in the user portal that lets your users know that they can also send an email to the address listed here. Most of the time, you’ll just leave this field alone, but if you’ve set up some email forwarding to use a different email address, you can enter that one here.
- Category: Here you have 2 options. You can choose whether you want to include the category field for your end-users to be able to attempt to categorize their tickets themselves. You can also choose to make this selection mandatory in order to submit a ticket.
- Portal Authentication: There are three methods you can configure for access to the User Portal. Authenticated users are able to create new tickets, and view and search their ticket history. Guest users are only able to submit new tickets.
- Active Directory: You can have your end users log in to the portal using their Active Directory credentials. Just go to the Active Directory settings page for your organization and click the Enable button. You’ll then need to follow these instructions to finish the setup.
- Authorization Required: Your end-users enter their email address and then log in through a verification email each time they access the portal. This option is on by default when you aren’t using Active Directory authentication.
- Guest User Allowed: Your end-users enter their email address together with a ticket summary and description. No authentication/login is required. This mode is restricted from uploading attachments, and some users may have to complete a captcha when they submit their ticket. All tickets are created by Portal Guest and your end user will not receive a confirmation email that their ticket was created. The email address entered by the user is prepended to the Description of their new ticket allowing you to verify the authenticity of the ticket before setting the ticket’s Contact. Once you’ve updated the Contact, notification emails will be delivered to the end user as normal.
Frequently asked Portal Authentication questions
- How does email authentication work?
Your end user accesses the portal login page at your portal URL
(https://your-org-name.on.spiceworks.com/portal) and inputs their email
address. The Cloud Help Desk sends an email to that email address with a login link. The default sender is help@your-org-name.on.spiceworks.com) unless you have configured the Custom Outbound Email Address in Cloud Help Desk settings. - What if users can’t login using the link they are emailed?
For users that are not receiving the User Portal login email, or cannot use the link within the email to login, there are a few things to check.- The login link in each email can be used up to 5 times. You may need to make changes to your spam filter to ensure the login links are not automatically invalidated.
- Login links are only valid for 12 hours after the user submits their email address on the portal (remember to account for email delivery time).
- If your users are not receiving the login email, ensure you have whitelisted the sender address to reduce the likelihood of login emails going to “junk” or “spam” folders.
- How can I troubleshoot problems with delivery of the login emails?
You may need to configure your mail server/service provider’s whitelist based on sender email address, sender IP address, or message body content. The sender IP addresses for the Cloud Help Desk are documented
here and you can find info about the sender email address above under How does email authentication work?. The message body of
login emails contain a link like this which redirect to your portal:http://u######.ct.sendgrid.net/ls/click?upn=cXUsNXpk4a...-2BTmpA-3D-3D- Note: the
upnparam is unique for each email and the######represents integers that may vary over time.
- What if users can’t access their email to receive the login link?
Understandably, there are multiple ways users can be locked out or otherwise unable to access their mailbox (or in some cases, do not have a mailbox), making it impossible for that user to access a login link in a
User Portal login email. For these situations you have a couple of options. Users locked out of their work mailbox could submit tickets using a secondary or personal mailbox, or you may choose to enable the “Guest User Allowed” mode so your users instead submit tickets without first being required to authenticate. - How do I update the ticket’s Contact?
While working a ticket, click the Details tab and the Contact field is displayed. Click the current contact’s name and select an existing contact or enter an email address to create a new contact.
Ticket monitors
You can set up ticket monitors to let you know when tickets have been unassigned for too long, past due, approaching their due date, or a number of other triggers.
You can add monitors by selecting Monitors & Alerts from each Organization on your Settings page.
- is past due
- due in <
- unassigned for >
- open for >
- inactive > “Inactive” means that no admin or end-user has made an update.
- stale for > “Stale” means that there as been no update by the end-user. This does not take admin updates into account
- waiting > This is for tickets in the “waiting on user” status.
You’ll probably want to leave the boxes checked here, especially when you’re creating new monitors, as email is the only way that you’ll see that an alert was generated.
Setting up Active Directory access for the user portal
You can restrict access to the user portal by requiring your users to log in to Active Directory to access it. “But Spiceworks,” you’re saying, “I don’t want to expose my Active Directory information outside of my network!” No worries. You’ll be using a JSON Web TokenOpens a new window to allow the authentication to happen completely in the browser without exposing any infrastructure to the outside world.
How authentication works
You may be wondering how does the authentication work without Active Directory passwords leaving your network. Here’s a quick rundown:
- Your end user accesses the user portal URL.
- Spiceworks sees that you have Active Directory Authentication set up and redirects your browser to your IIS server (you are now operating entirely within your network).
- IIS prompts for a login, which it then checks against Active Directory. If successful, a token containing a secret key is sent back to the browser.
- The browser now sends that token outside of your network to the Spiceworks Help Desk, where the secret key is compared to the one stored in your help desk. If the two match,the user is authenticated and allowed to access the portal.
Prerequisites
You’ll need an IIS server that is able to communicate with your Active Directory server, along with the following installed (for more information on getting these installed, click hereOpens a new window .)
- Internet Information Services (IIS)
- IIS Windows Authentication
- .NET Framework 4.0 or 4.5
- Microsoft ASP.NET support
Enable Active Directory authentication
Navigate to Settings and choose the organization you want to enable Active Directory authentication for. Choose User portal in the settings for that organization. Scroll to the Portal authentication section and click the Active directory radio button.
An Active Directory settings form will appear at the bottom of the page.
Enter the auth server address
This is the IP address, hostname or DNS name of the computer or VM running IIS. You will install the SWAuth MSI package on this device. Just click on the text that is already there to edit it. Make sure to include SWAuth at the end unless you intend to choose a different directory for the installation.
Generate your secret key
You’ll need a key to authorize the connection with AD, so click the Generate New Key link to create one. copy and paste it somewhere so you’ll have access to it. You’ll only be able to see this once, so if you lose the key, you’ll have to generate a new one which will wipe out the old one.
Install the MSI handler
- Click the Download Authentication Handler button to download the MSI handler you’ll need for this whole thing to work. Make sure to install it on the
machine and directory that you specified during the Enter the auth server address section.
Running an MSI package in the GUI often does not maintain admin privileges throughout the process, resulting in a “Setup wizard ended prematurely error”.
Using an elevated command prompt will force use of admin privileges and the command below will also create some detailed logging in case you need to contact support.
msiexec /i SWAuth_Setup.msi /l*v SWAuth_Setup.log
- You need to add the complete URL of your Help Desk Cloud Domain.
- For example, if you are using Spiceworks Cloud Help Desk with domain of “e-q-s.on.spiceworks.com”, you need to input “e-q-s.on.spiceworks.com” in the
area for the domain.
- For example, if you are using Spiceworks Cloud Help Desk with domain of “e-q-s.on.spiceworks.com”, you need to input “e-q-s.on.spiceworks.com” in the
- Now paste your secret key into the appropriate field and click Next.
- From this point forward, most people will be fine with leaving all the default values in place. You’ll just need to enter admin
login credentials. But if you’re curious, we’ll go ahead and cover them:- AD Domain: The AD domain where your users reside. If yours is different than the default, you’ll need to change this.
- AD Server URL: If your Active Directory and IIS servers are separate, enter the URL for your Active Directory server here.
- Note: This is an LDAP URL like ldap://DomainController:389/ou=employees,dc=company,dc=org
- Allowed Roles: This will include all users by default. If you want to limit the users who have access to your user portal, you’ll
need to change this value. Make sure you’re using the exact group names from Active Directory and separating them by semicolon. - Email, First Name, Last name Attributes: Change these if your Active Directory environment uses different fields for these values.
- Full Name Attribute: If you have set up the full name field instead of individual first and last name fields, enter the value
here. You’ll need one or the other; Spiceworks requires a name value for end-users.
- Now that you’ve gone through those, click the Install button. If everything goes smoothly, you’ll get a success window. Now when your users try to visit the user portal, they will be presented with a login modal. If you test this, you’ll notice that your request is actually being redirected to your IIS server domain, where the authentication is happening. The credentials never leave your environment! Once the user has logged in, their email address will automatically populate the email field for new tickets.
Common Errors
Error: Signature verification raised
The secret key set in Settings > Active Directory does not match the key stored on the domain controller. Generate a new secret key and save that new key into your C:\inetpub\wwwroot\SWAuth\Web.config file, in the <authKey> value.
Error: Invalid issuer
The organization name in Settings does not match the organization name in C:\inetpub\wwwroot\SWAuth\Web.config file, in the <organizationDomain> value. This value is case sensitive. Reinstalling the SWAuth service may also resolve this.
Problems?
Contact support@spiceworks.com if you run into issues getting this authentication to work.
