Skip to main content

Hello,

There doesn’t seem to be an option to update line manager in Azure AD via an orchestration, we were hoping that we could add line manager to new starter forms so they are automatically added to a new user account when its setup.

We use SSO with Azure AD for our Fresh Service, so this also means Fresh Service requesters should have their line managers listed.

However doesn’t seem to be an option, am I missing something, or is this in development?

We have an onboarding form that once approved creates the user in Azure AD, assigns groups, adds licensing, sets location and sets the manager.  It is possible to set the manager via this process. Is this what you are looking for?

 

 


Thanks Patrick,

Sorry should have updated this post, Fresh Service support pointed the Assign to manager option. However bits that don’t seem to work still are.

  1. Assigning users to mail-enabled group
  2. Not creating account until set date

Did you get anywhere with these?


@Malcz86 when an onboarding form is submitted, we create the user account right away even if they will not start 30 days out.  We don’t wait for the set date to create the account.  There are a few reasons we decided this (a) low risk, we don’t provide anyone the initial password until their start date. (b) the user needs to be in the system so that they appear in FreshService as a requestor. This allows the manager to request access to other systems and software licenses prior to their start so they are ready day one and to do that their name has to be populated in FreshService.  Some of our business licensing takes finance, approvals and procurement that can take longer than when we are starting the employee so that gives the manager time.  Now if the manager doesn’t put in those requests until the day before their start date, it will not be ready when they start.  That is a risk that the manager is responsible for.

I’m used to marking an account disabled until their start date however I learned you can’t do that here because when you disable the account it removes it from FreshService.  So we keep the user account enabled but don’t provide the password until the morning of their start.

Assigning users to mail-enabled groups is no issue.  During the workflow for onboarding you can assign to mail enabled groups because again we are creating the account first. 

At the beginning of the workflow we create the user. Later in the workflow we have an action to add user to a group. Here it is our employee group so we put in the group objectID.  

 


Thanks Patrick,

Are you adding users to a MS 365 or a Distribution group? most of our groups are distribution when I test the app action I get the below. Adding to 365 groups does work.

 


@Malcz86 I believe mine are all security groups or office 365 groups not distribution but I will have to look into mine.

I did find this Refresh article from a year ago where it was working but then users started having issues: 

 


Reply