Skip to main content
  • EN

Hi everyone,

We’re currently setting up SCIM provisioning from Microsoft Entra ID (Azure AD) to Freshservice using the official “Azure Active Directory Provisioning (SCIM)” app from the Freshservice Marketplace.

We’ve followed the official documentation and user provisioning works fine when users are assigned individually to the app. However, we’re trying to manage provisioning using groups — and that’s where we’re hitting a roadblock.
 

What we’ve tested:

  • Created a Security group in Entra (not a Microsoft 365 group)

  • Added the group under “Users and Groups” in the Freshservice Enterprise App

  • Verified that the Provisioning Scope is set to “Sync only assigned users and groups”

  • Provisioning works for individually assigned users ✅

❗️ But for the group, the following error shows up in provisioning logs:

Group 'APP-Freshservice' will be skipped. EntityTypeNotSupported


Has anyone successfully used groups (specifically, Security groups) in Entra to automatically provision users into Freshservice via SCIM?

Or does the Freshservice SCIM integration simply not support Group objects — and only support User provisioning?

It would be super helpful to have this confirmed so we know whether we need to work around this with manual assignments or automation outside of Entra.

Thanks in advance! 🙏

Hi Kevin,


When using the Freshservice SCIM, groups are supported but they need to be mail enabled security groups, we are syncing several such groups from our on premise AD into Entra and then syncing them with the Azure App.

 

I hope this helps.

 

Joshua

Provisioning definitely supports Security groups and I don’t believe they have to be mail enabled security groups; in our instance it is not.  We also sync the Security Group from on-prem AD to Entra

Have you nested other groups of users within your ‘APP-Freshservice’ group or is it a Dynamic Security group?

The Microsoft support article here sadly doesn’t seem to offer much help on the matter unfortunately.

The common theme I’m seeing so far in here where it is working properly is that the Security Group(s) is/are being synced from on-prem AD to Entra.

Provisioning definitely supports Security groups and I don’t believe they have to be mail enabled security groups; in our instance it is not.  We also sync the Security Group from on-prem AD to Entra

Have you nested other groups of users within your ‘APP-Freshservice’ group or is it a Dynamic Security group?

The Microsoft support article here sadly doesn’t seem to offer much help on the matter unfortunately.

The common theme I’m seeing so far in here where it is working properly is that the Security Group(s) is/are being synced from on-prem AD to Entra.


You seem to be absolutely right about the on-prem AD to Entra scenario — I can’t confirm it myself since we don’t have an on-prem environment. But after testing both what ​@Joshua.Lawrence and you ​@MDavies recommended (including trying both mail-enabled and dynamic security groups), I’m still receiving the same EntityTypeNotSupported error when attempting to provision the group.

 

So far, only assigning individual users directly to the enterprise app works for us.

Maybe it’s something you can raise with the vendor of the Azure Freshservice SCIM App: support@effy.co.in

You can provision users within groups where the users and groups are both cloud only (I do not have Active Directory). I assign various groups to the SCIM app and it provisions the users within those groups.

Either there is something about your group that is not supported or you’ve setup a custom app and are trying to provision the group itself—I’m not sure if groups can be provisioned. I know that only the users within the group can be.

Reply


Terms of Use