Hi @smurfjoe
Azure Guest Users will be able to authenticate themselves via SAML SSO.
SAML SSO handshakes send a NameID that Freshservice uses to identify the User. Freshservice expects an email address as the incoming NameID.
This NameID claim can be found under Azure Enterprise Apps > Freshworks > Single Sign on > Box2
Ensure that the variable used as the source for the NameID claim has an email address in the Guest User’s profile.
You can verify if the expected values are sent over as the NameID using a SAML Tracer browser extension.
Reach out to us at support@freshservice.com if you need any assistance in this process.
Yes you can. Our guests need to use a lightly different username. For this, its their <emailaddress> #EXT#@<MicrosoftTenantName>.
e.g. brad.dunn_test.com#EXT#@test.onmicrosoft.com
Have a look at the guest in Azure AD and go from there.
@brad.dunn where you able to register that emailadres for the requester in fresh.
Within FreshService it is not possible because the mailadress is not valid according to fresh.
Question to @freshsupport
Our Our AAD UPN is build by default like this:
<emailaddress> #EXT#@<MicrosoftTenantName>
Why isn't it possible to implement this adress in the Requesters field for Mail?
I can't find any documentation about the allowed Characters in the field for Email.
By experimenting I have found the following characters are not allowed, are these the only ones:
- { }
- # #
- i ]
- “ “
Did this get get fixed or was a workaround found?
We changed the app claim, and login trough SSO functions works for our Guest Accounts!
SAML SSO handshakes send a NameID that Freshservice uses to identify the user, and it expects this NameID to be an email address. You can find the NameID claim under Azure Enterprise Apps > Freshworks > Single Sign-On > Box2. Ensure that the variable used as the source for the NameID claim contains an email address in the guest user's profile. To verify that the correct values are being sent as the NameID, you can use a SAML Tracer browser extension.
