ManageEngine (On-Prem) Access Requirements

Why do we need access to your ManageEngine Instance?

The client we create in your ManageEngine instance will directly perform actions to create, update, and query information about tickets, solutions, and forms.

We’ll also need to setup the Moveworks Agent to be able to connect with your on-prem system. Refer to this setup: Moveworks Agent

Production Access Permissions

In your Production Manage Engine environment, the following accounts are needed:

  • A dedicated service account as a technician with the SDADMIN privilege to read/update tickets and read users/KB articles.

What is this account used for:

The Moveworks service interacts with your Manage Engine platform so that the bot can:

  • monitor tickets for autonomous resolution
  • reach out to an employee when a Manage Engine ticket needs the employee's attention
  • create tickets to log issues the bot has resolved autonomously
  • create tickets for issues that require an agent's attention
  • read the Manage Engine user roster so that the bot can log and assign issues appropriately
  • read & serve Manage Engine knowledge articles to end-user

Manage Engine API Token

Create a dedicated service account as above. API access for Manage Engine on-prem is done through an API token. Here are the steps to create an API token for a Service Account:

  1. Log in to your portal using the Service Account user credentials.
  2. Click Generate API key.
  3. Click Copy to clipboard, then share with your Moveworks Customer Success team.

Accessing Your On-Premise Manage Engine Service Desk

Additionally there are 2 options available to make your instance available for access via the Moveworks platform.

  1. IP Whitelisting

    Apply a firewall exception for the following Moveworks IP ranges:

  2. Moveworks Agent

    If IP whitelisting is not an option, an on-premise Moveworks Agent installation is required. This is a lightweight appliance Moveworks would install on your VMs behind the firewall, therefore with this option no firewall changes are needed to integrate with Manage Engine.

Note: If you are already using the Moveworks Agent for another integration, you will need to use the same agent to connect to Manage Engine.