
So looking to see if this is even functionally possible with FreshService. 

We have some custom AzureAD Security Groups that we use for managing users in various departments or teams in our Org. The membership is dynamically managed from AzureAD. Is it possible to add these security groups into FreshService to then use them as assignment groups? For example, we want to be able to assign certain Knowledge Base Articles to specific teams, but we want those teams to be created and managed from AzureAD. This is different than the idea of FreshService adding users to a security group for access to a network share, etc.

We already have the users syncing into FreshService, just trying to see about adding groups, if it's possible.

I understand the AzureAD Orchestrator can help read and add groups to assign users access as part of a workflow for a ticket, but this is just a bit different. I can't seem to find anything online about it, only about the users.

 


 

The closest I think you can get is to add metadata to users in AzureAD and sync that to a custom field on users, then set up a dynamic requester group that uses that field.


@Daniel Söderlund I don’t think that would work with the SCIM app if they are using that to sync users from AAD.

You could do a scheduled script that would function as below:

  • Has a list of each ObjectID for each group and its corresponding requester group
  • Connects to AzureAD or MSOL
  • Gets the UPNs of each member of the groups in your target and stores them as an array
  • Does an API GET request searching for the requester by email
  • Parses the return to get the user’s ID
  • Does a PUT request to add the user to the requester group

The above doesn’t account for:

  • Agents cannot belong to requester groups
  • Removing users from their “old” groups

The former isn’t able to be accounted for; but the latter would require some heavier coding to do the compare and then removal.
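Added example, not part of the original post and not Freshservice or Microsoft code: a sketch of the compare step for the scheduled script outlined above, going one step further than the list by also planning removals. It assumes the caller has already fetched Azure AD group membership, the email-to-requester lookup results and the current requester group members; all names and sample IDs are constructed.

```python
# Added example: reconciliation step for the scheduled sync described above.
# All names and sample data are constructed; fetching from Azure AD and
# calling the Freshservice API are left to the caller.

def plan_sync(group_map, aad_members, requester_ids, agent_emails, current_members):
    """Return (adds, removes, skipped) for each mapped requester group.

    group_map:       Azure AD group ObjectID -> requester group id
    aad_members:     ObjectID -> list of member UPNs (key absent = fetch failed)
    requester_ids:   lower-cased email -> Freshservice requester id
    agent_emails:    lower-cased emails of agents (cannot join requester groups)
    current_members: requester group id -> set of requester ids already in it
    """
    adds, removes, skipped = {}, {}, []
    for object_id, rg_id in group_map.items():
        if object_id not in aad_members:
            # No membership data: do nothing rather than empty the group.
            skipped.append((object_id, None, "no membership data"))
            continue
        wanted = set()
        for upn in aad_members[object_id]:
            email = upn.strip().lower()  # UPN case may differ from requester email
            if email in agent_emails:
                skipped.append((object_id, email, "agent"))
            elif email not in requester_ids:
                skipped.append((object_id, email, "no requester found"))
            else:
                wanted.add(requester_ids[email])
        have = current_members.get(rg_id, set())
        adds[rg_id] = sorted(wanted - have)
        removes[rg_id] = sorted(have - wanted)  # members who left the Azure AD group
    return adds, removes, skipped

# Constructed sample data
GROUP_MAP = {"aad-obj-finance": 101, "aad-obj-hr": 102, "aad-obj-legal": 103}
AAD_MEMBERS = {
    "aad-obj-finance": ["Alice@example.com", "bob@example.com", "carol@example.com"],
    "aad-obj-hr": ["dave@example.com", "erin@example.com"],
    # "aad-obj-legal" missing: simulates a failed membership lookup
}
REQUESTER_IDS = {"alice@example.com": 1, "bob@example.com": 2, "dave@example.com": 4}
AGENT_EMAILS = {"carol@example.com"}
CURRENT = {101: {1, 9}, 102: set(), 103: {7}}

if __name__ == "__main__":
    adds, removes, skipped = plan_sync(GROUP_MAP, AAD_MEMBERS, REQUESTER_IDS, AGENT_EMAILS, CURRENT)
    print("add:", adds, "remove:", removes, "skipped:", skipped)
```

Logging the skipped list on each run shows which Azure AD members are agents or have not yet synced as requesters, and which groups were left untouched because their membership could not be read.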



What are you talking about? You can sync custom attributes on users from Azure/AD with the Azure SCIM app to a custom field on the requester.
It tells you how to do that in the documentation and in the app itself.


We attempted to pull our users’ samaccountname out of their AAD profile and into the requester profile; however, FS support, the company who made the app, and our own engineering team were unable to figure out how to pull that attribute out of the user’s AAD profile using claims in the SCIM app config. If you’ve figured that out, please share :D

Since we’re not gaining employees regularly, I just resorted to updating it manually every month since our onboarding is in the single digits.



In the Azure SCIM app you can find a list of all custom fields.
Example:

On this page, "Tutorial: Configure Freshservice Provisioning for automatic user provisioning with Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn", it says:

At the bottom of the attribute list, enter information about the custom attribute in the fields provided. The custom attribute urn namespace must follow the pattern as shown in the below example. The CustomAttribute can be customized per your application's requirements, for example: urn:ietf:params:scim:schemas:extension:freshservice:2.0:User:isAgent

 

So in the screenshot it is these 2 lines:

urn:ietf:params:scim:schemas:extension:freshservice:2.0:User:iscompany
urn:ietf:params:scim:schemas:extension:freshservice:2.0:User:iscountry

It’s case sensitive. It could be that you need to remove the “is” after User:

 


Yeah; Samaccountname doesn’t show up. Custom tags would work as well as per your comments but that could lead to a slippery slope. Good insights on your part! :)



What do you mean by custom tags? You mean custom fields?

There is no SAMAccount field in Freshservice; you need to create it yourself as a custom field.