Visit Freshworks.com Visit Freshworks
Sticky

Seamless user management with Freshservice + Azure Active Directory (AAD) Provisioning 🔄

  • 13 November 2023
  • 12 replies
  • 983 views
Seamless user management with Freshservice + Azure Active Directory (AAD) Provisioning 🔄
radhika.narayanan
Rank
Userlevel 4
Badge +3

Hello folks! 

Welcome to another episode of “Appsolutely Connected with Freshservice”. If you’re new here, check out our series to get the lowdown on all the top integrations you need to ‘app your IT game’💪🏼!

Efficient user provisioning and secure authentication are vital for organizations to streamline IT operations and safeguard data. If your organization is using Azure Active Directory (AAD) as the single source of truth for user information, this integration is for you!

Freshservice + Azure Active Directory (AAD) Provisioning provides a unified view of your essential user data in your service desk instance. You can enhance user authentication and user provisioning for your service desk by synchronizing data such as users, locations, groups, security, applications, permissions, and custom attributes from AAD to Freshservice. 

How does the integration work?🤔

  1. Automatic User Creation and Sync: Once a user is assigned in AAD, Freshservice automatically creates the requester/agent based on AAD's System for Cross-domain Identity Management (SCIM) synchronization frequency.
     
  2. Real-time Profile Updates: Any profile changes made in AAD will be replicated on Freshservice periodically, ensuring that your user information is always up-to-date.
     
  3. Fields Synced from AAD to Freshservice: 🔄
  • Given Name -> First Name
  • Family Name -> Last Name
  • Primary Email -> Email
  • Title -> Job Title
  • Primary Work Phone -> Work Phone Number
  • Mobile Phone -> Mobile Phone Number
  • Complete Work Address -> Address
  • Locale -> Language
  • Timezone -> Timezone
  • Department -> Department
  • Manager -> Reporting Manager

🌟What can you achieve with this integration?

🔗 Single Source of Truth:
No more data discrepancies. Azure AD becomes your go-to single source of truth, ensuring that every user detail in the IT service desk is accurate and up-to-date.

🤖 Automated User Management:
No more manual juggling! Azure AD seamlessly syncs user additions and removals with Freshservice. Access permissions are effortlessly managed, keeping your IT environment secure and streamlined.

🛡️ Enhanced Security:
Any changes in Azure AD instantly update access permissions in Freshservice, reducing the risk of unauthorized access and ensuring a robust security posture.

📊 Compliance Assurance:
Detailed audit trails in Azure AD and Freshservice ensure you have a clear record of user activities, critical for compliance.

Experience seamless user management, eliminate manual data entry, and enable a robust framework for identity provisioning and authentication with Freshservice + Azure Active Directory (AAD) Provisioning 

Do you have questions or experiences to share? Drop them in the comments below! 👇
#FreshserviceApps #AzureADIntegration #UserManagementSimplified

12 replies

Kamakshi V
Rank
Userlevel 6
Badge +8

Heyy folks!!

@Lal23 @kirstyende @Nbotts @Clement Dsouza @Hoss Lippert @zachscott @Roxwell @Keri Sandler_First Legal @elishafxx @Dustin.Halvorson @Prathamesh K @bram.veldhoen @Norm G @ErikAlmSynerity @Michael Peter 

The next episode of #AppsolutelyConnectedWithFreshservice is here! Give it a read when you have a moment and share your thoughts!

Cheers
C
Rank
Badge +2

Can we use this with FreshDesk?

J
Rank
Userlevel 1
Badge

If one already has users that were created via other methods (sending in a support email, logging into portal), how do you link them via provisioning?  Basically, how would you implement this if you already have an established base of requesters.

Jondw1970
Rank

Hi, we are having some issues with users that (in Entra) are DISABLED then cause the provisioned user in FreshService to be deactivated (as expected)

However, if the Entra users is subsequently RE-ENABLED, it does NOT reactivate the account in FreshService - should it??

We see an unknown error in the provision log, but wanted to understand if it SHOULD reactivate?

Thanks

TimDeJonge
Rank

Anyone succeeded in getting the manager synced from AD to Freshservice ?

J
Rank
Userlevel 3
Badge +7

While we would love to switch from our current Active Directory user sync to Entra ID SCIM provisioning, we have some concerns about using a third-party marketplace app for such a purpose. Who/what is “effy” and what is their relation to Freshworks? Why would they provide this app (and the support) for free? Is it a ploy for Freshworks to avoid liability for any issues or vulnerabilities that could arise from the use of the app?

3500 downloads would mean that quite a few are willing to “acknowledge and agree that your access and use of this application will be governed by the developer's terms of service and privacy policy”, but it’s not apparent what those terms are.

The lack of responses to comments on this thread (despite the invitation from @radhika.narayanan to leave questions) is not really encouraging either.

B
Rank

While we would love to switch from our current Active Directory user sync to Entra ID SCIM provisioning, we have some concerns about using a third-party marketplace app for such a purpose. Who/what is “effy” and what is their relation to Freshworks? Why would they provide this app (and the support) for free? Is it a ploy for Freshworks to avoid liability for any issues or vulnerabilities that could arise from the use of the app?

3500 downloads would mean that quite a few are willing to “acknowledge and agree that your access and use of this application will be governed by the developer's terms of service and privacy policy”, but it’s not apparent what those terms are.

The lack of responses to comments on this thread (despite the invitation from @radhika.narayanan to leave questions) is not really encouraging either.

I had the same questions as above and I was directed to contact the integration creator, but effy doesn’t seem to be an actual company and my Freshservice rep and helpdesk couldn’t give me any answers even though it's an integration they endorse so we’re sticking with active directory sync and possibly looking into using Azure AD Domain services instead since we can join vm’s to it and possibly mimic the AD Sync. We are a healthcare company and were very disappointed to learn this wasn’t a supported Freshservice-owned integration, which is strange.

M
Rank
Userlevel 3
Badge +7

Is there a way, we can update also the default Location field?

Thank you!

I resolve, therefore I am!
radhika.narayanan
Rank
Userlevel 4
Badge +3

Hi @jorn-morten.innselset

Thank you for writing to us. We understand your concerns and would like to clarify that Effy is a Freshworks Managed Partner. We collaborate with technology and solution partners to provide customized and enhanced capabilities for our customers. Happy to share some resources that outlines the privacy policy and terms of use in detail. Please take a look at the links below: 

Please let us know if you have any further questions or need any assistance. 

Regards, 
Radhika Narayanan

J
Rank
Userlevel 3
Badge +7

Thanks @radhika.narayanan 

In the past we used the Warranty sync for Dell app (also published by effy and “Verified by Freshworks”), but stopped using it in favor of our own integration when we found the app to be unreliable and the responses from effy support to be slow and inadequate - as to be expected for a service costing zero dollars.

While we can appreciate the business model for low risk value-add apps, the provisioning of user information from our IdP into Freshservice is something that we have grave concerns about leaving to a third-party with which we have no vendor relationship.

Critically, what could we expect if the SCIM module started misbehaving or cause issues in our environment? Who would take responsibility if there is a security breach caused by this app? Where is our user information (temporarily or permanently) stored? Why has nobody updated the app to reflect the fact that it is no longer called “Azure AD” but rather “Entra ID” since last July?

Developer Apps are provided and licensed to you by a third-party. Freshworks is not in any way responsible for these Developer Apps and disclaims all liability resulting from your use of these Developer Apps are terms that would not satisfy an audit on our end.

Even your lesser competitors Zendesk and TopDESK have their own marketplaces, but they have made the right choice in having the Entra ID SCIM integration as a native and supported feature. I can only urge Freshworks to do the same on your end.

 

 

B
Rank

Is there a way, we can update also the default Location field?

Thank you!

I would also very much like to know this as well.  I need to map a custom attribute in AAD to Location in Freshservice.  Thanks!

B
Rank

Is there a way, we can update also the default Location field?

Thank you!

I would also very much like to know this as well.  I need to map a custom attribute in AAD to Location in Freshservice.  Thanks!

Hi Everyone, 

I reached out to Effy asking how to map a Custom Attribute from AAD to the Freshworks “Location” field.  They replied with the answer, which I have attached.  We tested it and it works!  Hope this can help others!

1 Attachment

Reply


Terms of UseCookie settings