Might be worth looking at DeskPro - their on-prem is fixed price for 10 agents ($1,800/a), and from trialing it a few months ago it's slick as hell.
Not sure if it supports AD passthrough, though; but it does do AD SSO and email-to-ticket.
As was pointed out when SR2 went down by many people, including me and Grugq and Christin, OSes are very poorly hardened against de-anonymization and it could have been a million things - features not disabled (how I de-anonymized one market), dropping in a script to phone home, a random exploit of anything on the OS, putting something in the HTML to require a load from a URL one controls, etc.
EDIT: and you say on Twitter:
> No, we mostly communicated via the support interface, we used DeskPRO which has a Facebook-style chat feature....Defcon, he claimed to have 'hardened' it so it was safe to use, DPR2 did have an account on it tho.
DeskPRO is fancy commercial SAAS; it pays less than no attention to avoiding de-anonymizing a server running it. And that's just your chat software! As I said, could've been a million things.
My org is looking into SAmanage explicitly for asset Management. Can you elaborate on the bad?
We use Deskpro for ticketing/Helpdesk, and I think it could handle the "notify multiple external people" without a problem... And it is very customizable.
I've used Track-IT at previous jobs, and was looking for something better. Another Redditor recommended Deskpro, which I love.
Lansweeper also has a helpdesk add-on which is actually quite nice. I needed more customization options for the web portal, SLAs, etc., Deskpro fit the bill perfectly.
I'm partial to Deskpro (https://www.deskpro.com/), have been using it for over a decade, they just keep making it better and better. Free to evaluate a hosted version, so you don't even need to go to the hassle of setting it up to see if you like it.