We have a number of domains in our environment that are not managed by IT. Since we have had no influence on how users are created in these domains, the user data has not been standardized and we cannot import until that occurs. Since data cleansing of these environments is out of scope for out Service Desk implementation, we cannot import via active directory and have used another source for the users.
This means that we cannot use ldap authentication (for now) and have instead decided to go with integrated authentication. However, we have 2 issues:
1) We do not have network logons for a percentage of our 80,000 users - therefore cannot publish an integrated logon URL without failure errors occurring for any user without a network logon in our service desk database
2) We would like Analysts to add a network logon for any users who logon as a guest, however this does not seem to be possible via web desk and we do not want to support console just to allow Analysts to add network logons
Ideally, we would prefer to publish an "integrated Logon" URL that fails over to explicit if the user is not identified in the service desk database. The following article outlines how this can be achieved if the users are not identified by IIS, however our users will be on valid domains: https://community.landesk.com/support/docs/DOC-23342
I am sure we are not the first organisation to experience this so hoping someone might have ideas on how to overcome a mixture of integrated/explicit logon and allowing Analysts to add user network logons via webdesk.