We are just setting up our Freshservice (FS) instance. I installed the “Azure Active Directory Provisioning (SCIM)” app in FS and configured the “Freshservice Provisioning” enterprise app in Azure per the instructions using my local FS agent account. Then I configured SAML SSO. I target a small group of users that have everyone we want to be agents. All these users that were automatically provisioned by AAD provisioning can sign in using the SSO except me. Even though my local FS Agent profile is currently syncing fine with Azure, when I try to sign in with the SSO, FS creates a new Requester account for me. I figured this was due to it being created as a local account, so changed my local account to a different email address, “forgot” (deleted) the Requester account FS created for me on login with the SSO and let AAD Provisioning create a new account for me. I can successfully sign in to the SSO and use this account. So I convert this AAD/SSO account to an Agent but now I’m using two of my Agent seats --- one with the local account and one with the AAD/SSO account. I convert my local account to a Requester and discovered that AAD provisioning quits working because the account is running as is no longer an agent. Ugg. I uninstall/reinstall the AAD provisioning app in FS with my AAD/SSO account and update the AAD provisioning app in the Azure portal with the new secret token. The next time AAD provisioning cycle runs it says it updated all user accounts!? And now everyone that tries to logon using the SSO get a new FS Requester account rather than signing in to their already established Agent accounts, including me!
Seems like the only way to get this working is to burn an Agent seat just to run AAD provisioning!!!
Any ideas?
