Solved

Freshservice Workflow Automations

  • 15 June 2022
  • 9 replies
  • 242 views

Userlevel 4
Badge +4

Looking for guidance on a source for working through some workflow automation basics.

I’m trying to set up some basic workflows like: User requests access to SAAS application, when approved by manager and approved by business owner add them to an Azure Security group, resolve request but have basic questions on setting this up.

I’ve watched all the youtube videos, fresh academy and searched the community for other questions but can’t find answers. Is there another self-service source I can review or is there a place people post their workflows to show them off?

icon

Best answer by daniel.soderlund 16 June 2022, 10:15

View original

9 replies

Userlevel 1

Hi @PatrickMurphy 

 

To set up Azure AD orchestration follow this documentation

Configure AD server first from orchestration center-

https://support.freshservice.com/en/support/solutions/articles/50000003328

and create the workflow using for the event(for the particular service request raised)-drag the app and set the actions for Azure AD

follow the below solution article.

https://support.freshservice.com/en/support/solutions/articles/50000003329-sample-use-case-for-azure-ad-orchestration-app-employee-onboarding

 

Hope this helps

Userlevel 6
Badge +10

Hi @PatrickMurphy 

Is it the adding the user to AD group or the approval processes ? 
And you license level are ? 

//Daniel 

Userlevel 4
Badge +4

So here is my workflow so far. I’m using custom objects to define the Business Owner (for approvals) and Azure Group ObjectID (for the action).

 

Q1: In this workflow if the manager or business owner don’t approve do I really need a action to resolve the ticket or does that happen as part of the denial response.  Trying to simplify the design.

Q2: As part of the request we ask for business justification, for the notifications that go to the Manager and Business owner, I would like to add the Business Justification or any other custom field on the request form to the notification but I can’t figure out how to manipulate the Approval emails to add custom fields.

Q3: When someone requests on behalf of someone else, the manager lookup happens not for who it is requested for but who initiated the service request.  The business owner would always be the same but the manager may be different.  Also in the current workflow adding the user to the Azure Group works however it is always adding the requestor not who requested it.  Looking for how people design their workflow around Requestor vs Requested For.

 

 

Userlevel 4
Badge +4

@Mathew Sebastian yes I did both the Azure AD orch and Azure Active Directory Provisioning (SCIM) those are working well, although I have some separate issues with it syncing all the data. That is a separate topic I can post.

Userlevel 4
Badge +4

@daniel.soderlund the Azure part works it is mainly the flow issues I’m having. The idea would be to create a full catalog of all SAAS applications that are SSO enforced and have a business owner and azure group to manage them. Then tackle others later.

There are several issues outside of just adding a user to a group like:

  1. IT or the business owner has to actually provision the user in the appropriate SAAS application with the right roles.
  2. Licensing requirements for the SAAS application
  3. Offboarding Users, just removing from Security Group doesn’t remove the users from the SAAS application or recover licenses where appropriate.
Userlevel 6
Badge +10

Okay, 

The setup I have done is to use a webrequest to get the manager for the requested for user. 
I don’t use the approve / rejected. I rather loop the same WFA until it’s approved. 


 

 

Userlevel 6
Badge +10

Q3: When someone requests on behalf of someone else, the manager lookup happens not for who it is requested for but who initiated the service request.  The business owner would always be the same but the manager may be different.  Also in the current workflow adding the user to the Azure Group works however it is always adding the requestor not who requested it.  Looking for how people design their workflow around Requestor vs Requested For.

 

 

I checked my WFA and it’s sending to the requested for’s manager. 

Userlevel 4
Badge +4

Not familiar with Webrequests do you need an Orchestration Server for that, looks like it is asking me for one.  Wonder if I can modify the flow if there is no Requested for then use the R1.Manager otherwise if there is a Requested for then go lookup that manager and set a variable somewhere.  Then continue the flow of approvals as intended.

Userlevel 6
Badge +10

Not familiar with Webrequests do you need an Orchestration Server for that, looks like it is asking me for one.  Wonder if I can modify the flow if there is no Requested for then use the R1.Manager otherwise if there is a Requested for then go lookup that manager and set a variable somewhere.  Then continue the flow of approvals as intended.

You are using the API Service Desk API for Developers | Freshservice with the webrequest node. 
(But I just checked and they have added more placeholders so I don’t need to use a webrequest)

Then you have a static R1.Manager in your Custom Object (CO) ? 
Is that per SI in the CO ? 

What I’m doing is something like this if  {{ticket.requester.id}} == {{ticket.actual_requester.reporting_manager.id}} 
Approved 
 

Reply