We just started our Freshservice trial this weekend and are impressed with what we've seen so far-but I see some room for improvement for authentication. While the single sign on option for Active Directory is a nice touch, I would suggest an option to use LDAP authentication. Essentially your customers would enter an IP for their AD server, a username and password with read-only rights to AD, the appropriate search base information etc. Once this is in place requesters can sign in from anywhere, not dependent on being able to access the internal IIS server running the AD script.
In reality you could use both of these methods together-enable a check box on the sign in page to use single sign on when you are within the corporate network-just like the feature for VMware web client. When you're not on the corporate network the requester can just enter their email address (or domain user ID and AD password).
I realize you can achieve similar results by making the IIS server available publicly either through port forwarding or putting it in a DMZ, but if you implement my suggestion as mentioned above and supply a range of IP's for your servers that are making the LDAP requests, the customer can easily open up the necessary ports on their firewall and specify the allowed IP ranges for those ports. Seems like a more secure option in my opinion...I'm more than happy to be educated to the contrary. We currently do this with our SaaS vendor for email security/spam filtering. The end users just sign in with their email address and use their windows password..from anywhere. It works quite well.
10 people like this idea
Judson University very much agrees with this. We also do this with a couple services we use and it works very well. Thanks for the submission, Glenn!
I also would like to see this implemented
+1 for LDAP
+1 , This would be awesome!!!!
Please implement this