I am setting up the Entra app for user provisioning to Freshservice. It is going OK, but I noticed that I cannot deactivate users.
When a user is deactivated in Entra, the update is sent to FS:
But the user remains active in FS.
We expect it to work just in principle, but also because we are migrating from the AD probe, where it was working.
Anyone got this working?
Hi @Alex R,
Based on the limited details of your Azure SCIM application, I am unable to ascertain your exact setup. However, I am happy to attempt to resolve your configuration issue. According to the attribute you referenced, we have a similar target attribute, which I have included in the screenshot below. When a user is disabled in the on-premises system, it synchronizes to Azure AD, subsequently disabling the user in Freshservice.
If this doesn't resolve it, could you share more information? Happy to assist if I can. Effy Support, who provide the app, also have great support.
Joshua
Hi @Joshua.Lawrence, thanks for your input :)
Yes, this is the precise mapping I am using, as you can see in my original screenshot. It’s just the standard mapping used when you install the app in Entra.
The Not([isSoftDeleted]) expression maps to the “active” field.
Have you tested and verified that this actually works?
In my tenant I disabled a user and synchronised them to FS. As you see in my screenshot, provisioning attempted to disable the account.
However the account remains active in Freshservice. I would expect to see it deactivated, like this:
However it was not.
Have you successfully deactivated FS users from Entra?
Thanks again, Alex
By the way, I have also tried to set the “active” field to “false” simply using the SCIM REST API. This gets accepted with a “200” result, but the user remains active despite that:
So I cannot get this working in Postman either.
We have had the Entra App in place for the last 3 years, and as part of our leavers process, once a user is disabled they are set to “Deactivated Requester” in Freshservice within about 30 mins once it syncs from on-prem to Azure AD.
Is the App provisioning new users automatically once they are created in your environment? This would show if the SCIM app is working or if there is an access issue with the Entra app between Azure and Freshservice.
Hi @Joshua.Lawrence, good to hear it is possible :)
Yeah, I can successfully create and update users via provisioning.
This is my mapping for the “active” field; it is unchanged from installation:
The problem seems to only be with the “active” field, specifically.
It also does not seem to work through Postman, which I have tested for many other fields successfully.
@Joshua.Lawrence I have read another poster online saying that they achieve this by using the FS Probe and Provisioning at the same time. Could that be what is happening on your end, do you also have the probe running? Or is it definitely Entra provisioning which deactivates your users?
For those of you who are experiencing the same problem, I have the answer: Freshservice does not support user deactivation over SCIM in Sandbox environments.
However, once you connect your Entra provisioning app to your Live environment, it does in fact work.
The fine folks working at Effy and Fresh claim this is on purpose and it is “known behaviour”, but it took them over a month to confirm it, so... go figure.
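A read-after-write check for the symptom described in this thread (a SCIM update setting “active” to false is accepted with 200 but the user stays active), as an added example that is not part of the original posts or of Effy's or Freshservice's code. `FakeScimEndpoint`, its `ignore_active` flag and the sample user are constructed stand-ins that run offline; against a real tenant the `patch` and `get` methods would be HTTP calls to your SCIM base URL.

```python
PATCH_OP_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def deactivate_patch():
    """SCIM 2.0 (RFC 7644) PatchOp body that sets active to false."""
    return {"schemas": [PATCH_OP_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": False}]}

class FakeScimEndpoint:
    """Constructed in-memory stand-in for a SCIM /Users endpoint (no network).

    ignore_active=True reproduces the symptom from the thread: the PATCH
    is answered with 200 but the stored "active" value never changes.
    """
    def __init__(self, users, ignore_active=False):
        self.users = {u["id"]: dict(u) for u in users}
        self.ignore_active = ignore_active

    def patch(self, user_id, body):
        user = self.users[user_id]
        for op in body["Operations"]:
            if op["op"].lower() == "replace" and not (
                    op["path"] == "active" and self.ignore_active):
                user[op["path"]] = op["value"]
        return 200, dict(user)

    def get(self, user_id):
        return 200, dict(self.users[user_id])

def verify_deactivation(endpoint, user_id):
    """PATCH active=false, then read the user back instead of trusting the status."""
    status, _ = endpoint.patch(user_id, deactivate_patch())
    if status not in (200, 204):
        return "patch_rejected"
    _, user = endpoint.get(user_id)
    return "deactivated" if user.get("active") is False else "accepted_but_still_active"

# Constructed sample data, not taken from any real tenant.
SAMPLE_USERS = [{"id": "u1", "userName": "leaver@example.com", "active": True}]

def run_demo():
    honouring = FakeScimEndpoint(SAMPLE_USERS)
    ignoring = FakeScimEndpoint(SAMPLE_USERS, ignore_active=True)
    return {"honouring": verify_deactivation(honouring, "u1"),
            "ignoring": verify_deactivation(ignoring, "u1")}

if __name__ == "__main__":
    print(run_demo())
```

Running the same check over every account disabled by a leavers process flags any offboarded user whose target account is still active, whatever status code provisioning logged.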