Visit Freshworks.com Visit Freshworks

Best practice for requesters that are no longer company employee's

M
Rank

I've been somewhat frustrated that the AD integration does not "deprovision" requesters when they are removed from AD. I was about to start purging them manually and it occurred to me that some platforms (ex Salesforce) require that account to remain for audit trail purposes and allow you to deactivate and hide the record from view.


What is everyone's practice for dealing with former employee requesters? Do you purge them or something else?


What is the official Freshservice position on this? Will removing requesters have an adverse affect on any product functionality?


19 replies

M
Rank

@FreshService Any guidance on the product design around this issue would be phenomenal!


T
Rank

We have the same question. It is shocking we can't remove ex-employees.....


M
Rank

@Tony with GDPR compliance you can now "Forget" them from the trash, but it's very manual.


We still don't have any guidance from FreshService as to how the product is intended to function. I may not necessarily agree with the intent, but they should at least provide that guidance.


A
Rank

Did you get an answer regarding best practices on removing ex-employees?   I see that we can either delete or forget them, but my only concern is I don't want tickets they've submitted to be deleted or forgotten (whatever forgotten means).  As an ex-employee, they should no longer have access to the portal or their tickets, but I as an admin should still be able to report on tickets they've submitted.


T
Rank
@Adiaz I hadn't thought of that and it is a good point. If tickets are deleted along with the user account, what affect will this have on historical data? If there is an unusual high turnover then historical trend reporting won't be accurate I imagine.
M
Rank

@Adiaz none so far. From what I've seen of the forums, this is where questions and feedback goes to die... no one from FreshWorks is monitoring.. Although they do moderate the comments, so who knows what feedback we arent seeing.


M
Rank

@Matt We only monitor for spam. So you are seeing all the feedback that is posted 🙂. I apologize for taking this long to get back respond to your query.

As a best practice, we recommend moving the employees who leave the organization as "deleted". This is more of a "soft delete" and all the context related to the user is maintained while any new tickets / associations for the user is not possible.


When you "forget" a user, the user is anonymized and all personally identifiable information of the user is removed from Freshservice.


Btw, you had mentioned that the AD integration does not deprovision the users. When you delete the users from your AD, the probe will also mark the users as deleted. Let me know if that does not work as expected.





M
Rank

@Mohana, Thanks for your response, albeit somewhat goaded by me. I will follow up that I have requesters that have been completely deleted from AD and are still in my environment as active. That said, we have to use both the AzureAD integration for SSO and the probe to pull users over. We really would like to be able to move 100% to the AzureAD integration. are there plans to increase the capabilities of that integration? AzureAD has mechanisms in place to provision and de-provision if the 3rd party (Freshservice in this case) is instrumented to do so.


On another note, I would think that a company that builds service desk solutions would have expertise in ticket deflection. Community engagement like these forums could help to relieve a significant portion of the "how do I {x}" type questions that I send to your helpdesk and I'm sure other admins do as well. That said, waiting months for a response from a company rep, or years(as I've noted in other threads) for feedback on bugs and minor product deficiencies with enormous impact, has the opposite effect. I now create a ticket every time I have a question instead of coming here to self-help. I'm starting to get on a first name basis with at least 1 support rep. Help me help myself, please.


M
Rank

Matt, I hear you loud and clear. We definitely can do better with engagement on these forums and it is an area we are working on improving. So, these delays should not happen in the future. 


Let me know if we can help troubleshoot the issue with the AD sync. Also, about the AzureAD integration, we are looking to get on SCIM to enable better provisioning / de-provisioning from Identity Management tools to Freshservice. I'll check in with the team and circle back on this.

M
Rank

Matt, did you get a chance to check the AD sync? Is this working as expected? 

I checked with the team on the AzureAD integration and looks like it's not in the works right now. Will share more details once it's prioritized for dev.

O
Rank

I use Probe to provision requesters to FreshService.  However, when I delete a user from AD, Probe did not sync the deletion to FreshService.  The user remains a active user (not deleted) in FreshService.


M
Rank

Mohana, No when I delete a user from AD, they are not deleted in FS. This is using the Probe, same as Vagaro reports. Please help the dev team understand the urgency of developing for the cloud market. More and more organizations are moving away from traditional AD if they can. SCIM is not the only answer here. In fact, I would bet money that at least 50% of your clients don't use that large traditional, expensive, enterprise-level of a tool anyway. If they are using those, they're probably using Salesforce or some other ERP/CRM for their internal ticketing. Freshservice's appeal is to a smaller more nimble organization that doesn't, or consciously chooses not to, have the staff to manage a highly available system to support their ITSM on-prem. This probably means they don't want to spend money on huge on-prem deployments of System Center either. 


AzureAD is growing fast, and it is very different than traditional AD.  Please figure out how to make this work.


A
Rank

@Mohana - I also am very interesting in having provision/deprovision integration with AzureAD. Is there a place we may vote the feature up?


G
Rank

Hello,


I'm a maybe potential customer and in a tryout mode for the moment.


I read all comments, 10 months after ... nothing ?

I'm disappointed by the documentations (very old and not // with the actual version) and some of cases like thios one ...


Try import from Google, freshservice import the secondaries emails (no mapping like csv import), you "delete" all users at the hand " (more 700) , make a clean csv file from Gsuite admin, import it in freshservice and obtain 150 errors ... why ? because some users already deleted !!!!!


We walk with the head !


please add a sql function "select from ... delete" 


C
Rank

Moreover, you are capable to have an entire picture of what you
require now and shortly to retain your customers. SAP Business One gives you
the capability to identify, plan and execute actions to align perfect demand
and supply balance and thus optimizing your business profits.


J
Rank

Any update on the SCIM implementation?


I
Rank

Hello,


Any updates on supporting Azure SCIM provisioning?


Thanks,

Ilya


M
Rank
Badge +5

Hello!


We already have SCIM apps available for two identity management platforms:


Okta: https://www.freshworks.com/apps/freshservice/okta_provisioning_scim/

OneLogin: https://www.freshworks.com/apps/freshservice/onelogin_provisioning_scim


A similar app for Azure AD has been developed and submitted to Microsoft for approval. We expect the approval to come through in a few weeks.


Mithun Mohandas

Product Manager, Freshservice

H
Rank
Badge +1
Any news? “A few weeks” have passed 🙂

Reply


Terms of UseCookie settings