Restrict Registration Based On Domain


On the customer portal it seems like anyone can register no matter what domain they are apart of. Is there way to only allow people to register if they say only have the domain @example.com or whatever I wanted. Thanks.


This topic has been closed for comments

35 replies

Badge +6

This feature that took 3 years to implement (OMFG) is still poorly done. If I have more than one customer portal, a registered user (whitelist or not) can login to any of the portals. Yes a user from company A would have to guess the url of company B's support portal but if we have confidential or proprietary information in solutions or tickets then this is a big security issue for us. The settings that you have implemented for support portals need to be on a per portal basis, not for all portals. Any chance this will be fixed or are we looking at another 3 years?

Helpdesk Restrictions based on whitelisted domains is now available in Freshservice. You can find more information about this feature here.

Please give the feature a spin and share any feedback you may have! 

I spoke too son when i mentioned the dates earlier.We had to perform some extra checks on security related items w.r.t this feature and hence the delay.


If everything goes according to the plan, it should be out by 4th week ,worse case by end of this month.


Maljeev

It has been 4 weeks. Launch update?

Hello Everyone,


Here's a peek into how Domain Whitelisting will work in Freshservice. Will update this thread once the feature is launched. 


image



"Danilo, check back again in 2038. "


Apologies ,we should have take care of this earlier.

We totally understand the frustration and the good news is you don't have to wait till 2038 for this :-).


Our development team is already on it and the feature should be out within 3-4 weeks.


Maljeev Rafi

Freshservice Support Manager

Danilo, check back again in 2038.


Hi!!


Can you tell when this version will be ready?

April 2017 and this still seems to be an issue... this thread started in 2014, if this issue was 'important' then it would have been fixed by now.

Hi All,


Sorry for the delay here. We completely understand the importance of this feature and we do have this in the Roadmap.


Recently we have migrated from Rails 2.0 to an upgraded platform. Also, this feature is already available in Freshdesk, so we will be bringing this soon in Freshservice too along with a few other interesting features like Project Management, Custom Reports for Tickets etc.


We will keep you posted once this feature is released.



Hello,


Still no update on this serious issue ?

I cannot deploy this solution in my domain if there is no restriction... 

I was excited at the prospect of using an ITIL based tool, but the inability of Fresh Service to answer this basic issue has led us to deploy JIRA instead. :(

I too would like to see that feature implemented, as we are a company in IT security and would like to restrict login only to selected domains. Thanks.

If you are using Google Apps Authentication, you can log in from any Google Apps domain, which is silly.

You can restrict access as John describes, then export your user list from the Google console, and import your users into freshservice, then manually provision new users.

So, I'm testing JIRA Service Desk instead. That took all of a few seconds to link my Google Apps domain.
I was able to restrict portal access to organizational users by implementing single sign-on and simply disabling the ability for requesters to sign up from the portal. Authentication is performed exclusively by my identity provider. Users that exist within my identity provider are automatically provisioned in Freshservice when logging in for the first time.
I'm giving this software a try. The feature list holds so much promise, but now the very first thing I would want from a cloud-based application: to lock the portal down to my organization, is not even supported and backlogged for two years? This is very confusing.

 

I agree, I understand that lots of "features and new integrations" have been made, but serioulsy, what we are asking for here is BASIC. This feature is a must, and should be ahead of some of those features you mentioned

After another six months, is there any update?

Hi all,


I understand there has been a delay (a lot of) in addressing this (and a couple of other) issue in the forums. In fact, there is a thread about this in the Freshservice User Groups on LinkedIn. Before I being explaining, please accept my apologies for this delay in replying to this thread.


We have been creating some new features (Bomgar integration, new self service portal, Box integration, improvements in automation, service catalog, mobile apps etc) in the last year - our engineers and product guys really had to work hard to make sure that we are good enough to compete with the older (and more established) service desk solutions out there. And trust me, we are almost there. We are seeing enterprises shift to Freshservice from the established players like ServiceNow, Cherwell, HP etc.


We are scaling up real fast - we launched in Jan 2014 and currently 4500+ enterprises are using Freshservice for ITSM. We are scaling up engineering and support to meet the exponential demand that we are seeing.


Please bear with us, we are doing everything we can to make sure we meet our customers' requests. There are certain features that we don't consider (trust me, we want to develop every feature request that comes our way; we really want to). We make sure we communicate the same.


But please don't worry, this feature is definitely there in the plan - we understand the importance of this particular feature. I will ask someone from product to answer to this thread ASAP so that you can get a better perspective.


Thanks a lot and once again, my apologies.


Narain

A year and two pages worth of comments, and you've yet to make this change? We just picked up OAuth for our apps, and it was one of the first things we figured out. Common.

Yeah, seriiously, the silent treatment is getting old.


Freshservice devs, I have googled this for you.

 

Requester registration should also be blocked by domain in the case of an email forward that gets automatically converted into a ticket. The email forwarded could have an unwanted external domain listed in the head of the email, sending a requester registration email to that external user in addition to the actual requesting user within the domain.

Douglas - this exact thing just happened to us.  I see that there is an IP Whitelisting option available now that I don't think was there before, but I don't think that setting would prevent a notification email from going out.  Until this gets addressed unfortunately I've had to turn off registration emails. 


Any word FreshService?

This is needed to prevent any clear spam.

The fact that this hasn't been addressed after over a year is pretty bad. This is the ABCs of in-house IT Help Desk. Please implement this ASAP.

Currently there is not the option top restrict domains. So we had to setup our web filter to block student access to freshdesk. Even though that does not help us when they get home. Regardless we have not had any problems. Very happy with the product.