iTop Extensions

Department silos

Combodo's customers only

Department silos
Ticket segmentation between delivery organizations
PHP 8.0

With this extension, you can ensure that your IT department agents won't be able to see HR related UserRequest and Incidents Tickets and vice versa.


Different departments in your company want to use iTop, but each department wants their agents to be the only one to see the Tickets related to their business.
Out of the box, iTop does not offer this possibility. This extension enables this, by changing UserRequest and Incidents Tickets.


Multiple departments can handle in iTop console, the Tickets which must be managed by their department.

  • Users are not able to see Tickets for other departments than their own.
  • Compatible with Simple Ticket Management and full ITIL.

Revision History

Release Date Version Comments
2023-07-17 1.0.3 N°5807 - API: Remove SetupPage:log* for iTop 3.1 compatibility
2022-11-18 1.0.2 First published version


  • It's not possible to dispatch a wrongly routed Ticket to another Department, the requestor/caller must create himself another ticket under the right service
  • Callers can only create and see their Tickets through the User Portal.
  • Even agents users must use the User Portal to handle Ticket for themselves (except tickets for their own department)

If you use iTop 2.7.6 or older, there is an known issue with Notification, which are not triggered unless their filter is empty.


  • Ticket management must be enabled.
  • The minimum required version for Approval Process Automation, if used, is 2.1.1.


No configuration parameters



The purpose of this extension, is to separate User Request and Incidents into silos, based on which organization is delivering the Service.
Out of the box, User Request and Incidents are siloed by customer.

To work as expected you must organize your data in a certain way:

  1. Create separate organizations for each independent provider managing Tickets
  2. Create separate organizations for each customer which must be visible to all providers agents
  3. Decide under which organization you must put each object, so it is hidden/visible to the appropriate users
  4. Give access to each user to the Organizations that they need to see and not more (User tab Allowed Organizations)

Below 2 examples which are pretty common:

Single company

Goal: Ensure that the IT department agents won't be able to see HR related UserRequest and Incidents Tickets and vice versa.

In order to use this extension, you must modify the organizations and the owner organization of some objects.

  • Create a company organization and put all shared company objects under that organization:
    • Locations
    • Teams & Persons
    • Contracts
    • Public/shared CIs
  • Create the different Departments as separated iTop Organizations,
    • but leave their Parent empty, Putting them under the main company would break the Silos, as iTop logic is to enable access to all sub-organizations of the User Allowed organizations, and that behavior can not be changed.
    • Defines catalog of Services within each of those organizations
    • Defines private CIs under the Department in charge of handling them in a silo. Such CIs cannot be seen in the console by people outside of the Department.

Objects's organization schema

  • Create one or multiple contracts under the main company to buy the services provided by the various departments

screenshot of Contracts

  • Assuming you have IT and HR agents, ensure that they all have Allowed organizations set on their iTop user. They must be allowed on their contact organization (this is an iTop portal requirement) and on their department organization, as well as on all their customers organizations.

User's allowed organizations

  • As a result, all employee must use the User Portal to request services to other departments than their own, but once in the console, they are limited to the Tickets which are linked to a Service that they are responsible for.

Service Provider

Goal: Have different providers delivering services to different customers, but seeing in the console, only the Tickets related to the services that they deliver.

For example, a company with multiple departments providing different services to other companies and each Department must only see the Tickets they are responsible for:

Check the steps described above for a “Single company” and adapt it

  • There is a Provider Company with 3 Departments needing to work in Silos
  • None of the Department will have the “Provider Company” as its parent (same reason as described above in “Single company” model)
  • Theirs customers can be the same or different
  • The customers Tickets must only be seen by the Department handling them

  • Here we have imagined that the “Loan Department” does not deliver any services to “Client #2”, which explains why its Users do not need to see “Client #2” organization

Each Department users, must have theirs customers in their “Allowed Organizations”, which can be an administrative burden, if there are a lot of agents and/or a lot of customers on-boarding. But if all customers can be visible to all company departments employee, then it's easier: Define a generic “My-Customers” organization as parent of every true customers organization and just put the “My-Customers” organization in the “allowed organizations” of all your departments employees and job done.

Change of behavior

There is no visual change to the User Portal, but scopes to let callers see their own tickets, as they are no more under the user organization. Ticket's organizations are not guaranteed to be in the user “Allowed organizations” anymore.

In the Console for User Request and Incident, the Customer can no more be selected, it is computed from the Caller.

extensions/combodo-department-silos.txt · Last modified: 2023/07/25 16:32 by vdumas
Back to top
Contact us