- 01 Jun 2023
- 6 Minutes to read
ManageEngine Desktop Central and Patch Manager
- Updated on 01 Jun 2023
ManageEngine Desktop Central is a desktop management and mobile device management software for managing desktops in LAN and across WAN and mobile devices from a central location, including automated patch deployment for Windows, macOS and Linux endpoints. This adapter fetches devices, patch data, and Desktop Central data from the server. It supports OAuth authentication as well as AD authentication with user name and password. It requires read access to devices to generate a password. This adapter was tested with Axonius version 4.4 or higher.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Domain (required) - The hostname or IP address of the ManageEngine Desktop Central or Patch Manager server.
- Port (required, default: 8020) - The port Axonius will use to communicate with the value supplied in Domain.
- User Name and Password - The credentials for a user account that has permissions to fetch assets. For details, see Authentication and Authorization for On-Prem Instances.
When OAuth Client ID, OAuth Client Secret and OAuth Refresh Token are not supplied, User Name and Password are required.
- User Name Domain (optional, default: empty) - The AD domain. Use this option if you are using the AD authentication method.
- Domain Authorization Token (optional, default: empty) - Token to access the AD domain.
- Fetch Desktop Central Data - Select this parameter to fetch desktop central data. If you do not select this option, only patch data is fetched (patch data is available from both products).
- MFA QR Code (optional, default: empty) - If MFA is enabled using Google Authenticator, save the QR code received as a PNG file and upload it.
- If supplied, the connection for this adapter will use the uploaded file to authenticate the specified User Name and Password.
- If not supplied, the connection for this adapter will not add any additional authentication to the specified User Name and Password.
- OAuth Client ID, OAuth Client Secret and OAuth Refresh Token - parameters for OAuth authentication, used in the cloud version of ManageEngine Desktop Central and Patch Manager. Refer to APIs for information on how to generate them.
- OAuth Zoho Accounts URL (default: https://accounts.zoho.com) - The account URL. Refer to Refresh Access Tokens for information on how to obtain the account URL.
When User Name and Password are not supplied, OAuth Client ID, OAuth Client Secret and OAuth Refresh Token are required.
- MSP Customer ID - Customer ID to fetch information for, when connecting to Desktop Central MSP. Only use this when connecting to Desktop Central MSP; otherwise leave empty.
- Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in Desktop Central Domain. For more details, see SSL Trust & CA Settings.
- If enabled, the SSL certificate offered by the value supplied in Desktop Central Domain will be verified against the CA database inside of Axonius. If the SSL certificate cannot be validated against the CA database inside of Axonius, the connection will fail with an error.
- If disabled, the SSL certificate offered by the value supplied in Desktop Central Domain will not be verified against the CA database inside of Axonius.
- HTTP Proxy and HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Desktop Central Domain.
- If supplied, Axonius will utilize the proxy when connecting to the value supplied in Desktop Central Domain.
- If not supplied, Axonius will connect directly to the value supplied in Desktop Central Domain.
- To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.
- Include Only Devices with Last Seen value - Select whether to only fetch devices which have a last seen value. Devices which do not have a value for last seen are not fetched.
- Only fetch devices from the following types - Enter a comma separated list of configured device_type values. Devices will only be fetched if they have the device_type values listed.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
Axonius uses the ManageEngine Desktop Central REST API.
Configuring OAuth Authentication and Authorization
This adapter supports OAuth authentication to connect to the cloud instance.
Generating the OAuth Client ID, OAuth Client Secret and OAuth Refresh Token
To use OAuth Authentication you need to generate the OAuth Client ID, OAuth Client Secret and OAuth Refresh Token. To generate them:
- Go to the Zoho API Console: https://api-console.zoho.com/
- Click 'Add client', choose 'Self Client' and click 'Create' (if a popup asks you to confirm, click “OK”).
- On the API Console main page, click on the 'Self Client' application.
- In the tab 'Generate Code', enter the following details, and click 'Create':
- Time Duration: “10 minutes”
- Scope Description: free text (could be anything)
For patch.manageengine.com, the URL needs to be patch.manageengine.com and the scope needs to be “PatchManagerPlusCloud.restapi.READ,PatchManagerPlusCloud.restapi.Update” for the adapter to work.
- A popup “Generated Code” opens. Click copy, and paste the code in a temporary file.
- In the tab “Client Secret”, copy “Client ID” and “Client Secret” to a temporary file.
- Enter the values you’ve copied to the following command:
curl -X POST "https://accounts.zoho.com/oauth/v2/token?grant_type=authorization_code&redirect_uri=http://localhost/callback&code=<code>&client_id=<client_id>&client_secret=<client_secret>"
- Execute the command on a Linux machine (or Windows with curl).
- From the response of the command, copy the value of “refresh_token” (might start with “1000.”), and save it to a temporary file.
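The exchange in the steps above as a small script, added here as an example (not Axonius or ManageEngine code). It sends the same request through a curl config on stdin so the client secret stays off the command line, uses the account's own Accounts URL, and fails clearly when the response carries no refresh token. Function names are hypothetical.

```sh
#!/bin/sh
# Added example: exchange a Zoho Self Client code for a refresh token.
# Function names are hypothetical; values are passed in by the caller.

# Emit a curl config for the token request. Same request as the command above,
# but addressed to the account's Accounts URL and refused unless it is HTTPS.
# Values are inserted as-is (no URL-encoding), as in the original command.
token_request_config() {
    accounts_url=${1%/} code=$2 client_id=$3 client_secret=$4
    case $accounts_url in
        https://*) ;;
        *) echo "refusing non-HTTPS accounts URL: $accounts_url" >&2; return 1 ;;
    esac
    printf 'request = "POST"\n'
    printf 'url = "%s/oauth/v2/token?grant_type=authorization_code' "$accounts_url"
    printf '&redirect_uri=http://localhost/callback&code=%s' "$code"
    printf '&client_id=%s&client_secret=%s"\n' "$client_id" "$client_secret"
}

# Read the token endpoint's JSON reply on stdin and print only refresh_token.
# A failed exchange (for example, the 10-minute code expired) is reported in
# an "error" field instead; surface it rather than saving an empty value.
extract_refresh_token() {
    response=$(cat)
    err=$(printf '%s\n' "$response" |
        sed -n 's/.*"error"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    if [ -n "$err" ]; then
        echo "token endpoint returned error: $err (generate a new code)" >&2
        return 1
    fi
    token=$(printf '%s\n' "$response" |
        sed -n 's/.*"refresh_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    [ -n "$token" ] || { echo "no refresh_token in response" >&2; return 1; }
    printf '%s\n' "$token"
}

# Run the exchange. The config travels over stdin, so the URL carrying the
# client secret never appears in the process list.
exchange_code() {
    cfg=$(token_request_config "$@") || return 1
    printf '%s\n' "$cfg" | curl --silent --show-error --config - |
        extract_refresh_token
}

# Usage (variable names are placeholders for the values you copied):
#   exchange_code "$ZOHO_ACCOUNTS_URL" "$GRANT_CODE" "$CLIENT_ID" "$CLIENT_SECRET"
```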
Using OAuth Authentication
- In Axonius, add a new connection in the ManageEngine Desktop Central/Patch Manager adapter, and fill the following details:
- Domain - the domain of Desktop Central/Patch Manager (for cloud - use desktopcentral.manageengine.com).
- Port - the port of the domain (for cloud - 443)
- OAuth Client ID, OAuth Client Secret, OAuth Refresh Token - the values you copied to a temporary file
- OAuth Zoho Accounts URL - The relevant URL for your Zoho account, from Refresh Access Tokens - APIs
Axonius will now fetch devices from Desktop Central/Patch Manager using OAuth.
Authentication and Authorization for On-Prem Instances
You need to generate a password and then add permissions:
To generate a password:
- From Desktop Central's web console, navigate to Admin -> API Explorer.
- On the left pane, click Authentication -> Login.
- Choose the authentication type as either Local authentication or AD authentication and furnish the user name and password.
- Upon execution, you will obtain a password along with the auth token.
Use that password in the Password field.
If you have selected the AD authentication, specify the domain in the User Name Domain field.
To edit permissions for an existing role in ManageEngine Endpoint Central On-prem, follow the steps given below:
- Log in to the ManageEngine Endpoint Central On-prem console using your admin credentials.
- Click on the “Admin” tab and select “Roles” from the left-hand side menu.
- Locate the role you want to edit from the list of roles, and click on the role name to open the role details page.
- On the role details page, you will see a list of permissions assigned to that role. To edit the permissions, click on the “Edit” button located at the top right corner of the page.
- In the “Edit Role” page, you can add or remove permissions by selecting or deselecting the checkboxes for each permission.
- To grant permissions for REST API, click on the “API Access” tab and select the appropriate REST API methods you want to allow for this role.
- Grant the following permissions: SOM, Report, Inventory, Software Deployment, Patch Management.
- Once you have made the necessary changes, click Update to save the updated role.
This adapter was only tested with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed and it is not functioning as expected.
|ManageEngine Desktop Central 10.1.2121.1||Yes|
Supported From Version
Supported from Axonius version 4.4