Hi,

FreshService API by default requires email and username set to the same value. The way that I’ve workaround that was to set email address and Username to UPN, and the user’s email address as additional email address.

Hello,

As suggested by the akurpios, a workaround would be to set email address and Username to UPN, and the user’s email address as additional email address.

Hi,

FreshService API by default requires email and username set to the same value. The way that I’ve workaround that was to set email address and Username to UPN, and the user’s email address as additional email address.

 

For the Azure SCIM app, you can also reach out to Effy Support (support@effy.co.in) as they are the publishers of the app and could suggest an alternative workaround.

Regards,

Vaibhav Sardessai

This worked for us.  It started mapping Primary SMTP to the secondary email field.  We have different brands and a lot of UPNs do not match Primary SMTP.

emailsltype eq "other"].value

During our Initial scramble to resolve this and testing we did find another bug as we tried to merge all the users that 2 accounts had been created for.  If the user emailed in a ticket from a address that differed from their UPN we attempted to merge them.  SCIM import continued to fail on that account.  We found that there is an orphaned record that gets left behind in fresh that can only be found by using search.  Once the record is deleted then SCIM works again on that requestor.

The new problem we have is that we do have users with match UPN and SMTP and SCIM won’t sync them now because FreshService won’t allow you to have the same value in both fields.  Working on a workaround to resolve this.

You can handle this by mapping the correct attribute from Azure AD during SCIM provisioning. By default, Freshservice takes the userPrincipalName (UPN) as the email field, but if your login ID (UPN) is different from the communication email, you’ll need to adjust the attribute mapping in Azure:

• In Azure AD → Enterprise Applications → Provisioning → Attribute Mapping, change the Freshservice emailsetype eq "work"].value mapping to use the "mail" attribute instead of userPrincipalName.

• This way, Freshservice will store the correct email for notifications, while still keeping the UPN for login.

If you still need UPN for authentication but a different email for communication, you may need to use Alternate Email in Freshservice or raise a support ticket for dual mapping support.

Handling UPN vs. Primary SMTP in Freshservice SCIM Provisioning

When setting up SCIM provisioning from Entra ID (Azure AD) to Freshservice, we initially tried:

• userName ← userPrincipalName

• emailsltype eq "work"].value ← mail

This didn’t behave as expected in our tenant. In many cases, mail equaled the UPN, so the “work” email didn’t add anything useful.

Our solution

We mapped emails instead, and used a conditional expression so that the extra email is only written when mail differs from userPrincipalName. This avoids duplicates while still syncing a secondary address when it exists.

Expression:

IIF(  IsNullOrEmpty(Trim(Omail])),  "",  IIF(    IsNullOrEmpty(Trim(NuserPrincipalName])),    Trim(Nmail]),    IIF(      ToLower(Trim(Fmail])) = ToLower(Trim([userPrincipalName])),      "",      Trim(]mail])    )  ))

How it works

• If mail is empty → nothing is written.

• If UPN is empty → mail is written.

• If mail equals UPN (case-insensitive) → nothing is written.

• Otherwise → mail is written to emailsotype eq "other"].value.

Example

• UPN: user@company.org

• Mail: user@affiliate.org
  → Expression outputs user@affiliate.org (stored in Freshservice as “other” email).

• UPN: user@company.org

• Mail: user@company.org
  → Expression outputs nothing (avoids duplication).