Skip to main content
Question

Freshservice SSO - Is my Azure Integration tied to my user account?

  • 1 April 2024
  • 5 replies
  • 67 views

I am a new customer. Today I setup SSO and SCIM Provisioning through Azure AD, all worked well without issue. 

However, when setting up Provisioning I had to give an “organization admin” API key. The only one I could find was under my own Fresh Service profile. I could not find one that is user agnostic or tied to a built in administrator role. 

Does this mean if I left the organization that these integrations would fail once my user account was disabled? 

Have I missed something when setting this up? 

We are also doing it the same way.

 

I remember seeing an idea being posted about this: Grant Extra License for Integrations Requiring API Key | Freshworks Community

There they explain that reaching out to your CSM and asking for an additional license usually works.

 

Also upvoting it to get more attention to the need of a special area for API keys


I am a new customer. Today I setup SSO and SCIM Provisioning through Azure AD, all worked well without issue. 

However, when setting up Provisioning I had to give an “organization admin” API key. The only one I could find was under my own Fresh Service profile. I could not find one that is user agnostic or tied to a built in administrator role. 

Does this mean if I left the organization that these integrations would fail once my user account was disabled? 

Have I missed something when setting this up? 

Yes, I recommend to our customer to have a API/integration  agent account that is account/ORG admin that is not associated to a person. 
 


I’m running into this same issue.  It seems like we have to buy an additional Freshservice agent seat to use Azure AD provisioning with a Freshservice “service” account so it’s not tied to an individual.  Have you found any alternatives to this?


Thanks. Just to make sure I understand. Essentially a service account in my Active Directory environment?


Errrr service account in FreshService, not AD


Reply