Freshservice SSO - Is my Azure Integration tied to my user account?

Yes, I recommend to our customer to have a API/integration  agent account that is account/ORG admin that is not associated to a person. 
 

Thanks. Just to make sure I understand. Essentially a service account in my Active Directory environment?

Errrr service account in FreshService, not AD

I’m running into this same issue.  It seems like we have to buy an additional Freshservice agent seat to use Azure AD provisioning with a Freshservice “service” account so it’s not tied to an individual.  Have you found any alternatives to this?

We are also doing it the same way.

I remember seeing an idea being posted about this: Grant Extra License for Integrations Requiring API Key | Freshworks Community

There they explain that reaching out to your CSM and asking for an additional license usually works.

Also upvoting it to get more attention to the need of a special area for API keys

Using your personal Freshservice API key for SCIM provisioning ties the integration to your account. If your account is disabled—say, upon leaving the organization—the provisioning sync would likely fail, as the key would no longer be valid. Freshservice doesn’t provide a user-agnostic or built-in admin API key for this purpose, which aligns with your observation.

A common solution is to create a dedicated service account in Freshservice with admin privileges and use its API key instead. This ensures continuity if your personal account is deactivated. You didn’t miss anything obvious in the setup—Freshservice’s design just leans toward individual admin keys. Check with their support to confirm if there’s an alternative, but the service account approach should address your concern.

Hi,

Great job on the SSO and SCIM setup! Using your personal API key does tie the integration to your account, so it could fail if your account is disabled. Create a service account with Org Admin rights and use its API key instead. You didn’t miss anything — just a small tweak needed.