Good Morning Guys,
So we're currently trying out freshservice as a possible ITSM/MSP solution, and so far all looks pretty good.
The only problem I'm having at the moment is not being able to stop unknown user's from submitting tickets/user's able to submit tickets on behalf of other users.
Currently if a user/requester logs into their portal, they can edit the name of the requester to anything they want, which then automatically pings off an account activation to the email address supplied (if valid).
Is there any way to limit this field so that it will only accept verified users? Or better yet hide the field entirely so that people can only submit tickets as themselves?
I've got it set up so that only registered users can log into the portal, but this doesn't stop them from then being able to edit the aforementioned field, as once the ticket is submitted with a non-registered user's email, the user can then register themselves. And we don't want to block sending of the account creation email so that when we create bona fide users they get the email automatically.
Thanks in advance for any advice!
We now support domain based restriction in Freshservice and you can configure it from Admin> Support Channel >Support Portal. This will make sure that users from other domains are restricted from creating Tickets and you can use this without any need of Custom apps or portal customization.
To the other point, you can restrict the portal to make sure only Logged in User's can submit a request. You can find the Settings in Admin> Support Channel >Support Portal. As for requests logged over email, we don't have any control over it. You can configure ruless for the requests raised through email to delete the ticket and trigger a user notification guiding user to the self service portal.
Hope this helps you out.
Hello freshworks team,
we are facing the same issue, but it's not enough to limit the domain ... we only want to grant registered users to create a ticket.
For an unknown requester we want an automail to be sent to the requester and advise him "you are not a registered user. please contact your key user"
Thank you for reaching out.
This can be done, you can allow only a specific email domain to be allowed to raise a ticket.
Please find the screenshots below.
User enters his official email domain, he is allowed to raise ticket
User enters his gmail id, he is not allowed to raise ticket
If this meets you requirement, this can be implemented using custom app on end user side which is supported in our Garden and Estate plans.
Hope this helps, feel free to write back for further support.