Note: This integration is available only for SaaS Management.

Freshservice’s integrations for SaaS management enable accurate and reliable user and usage data discovery. Integrate with Azure AD to:

  • Discover and manage all the apps that employees authenticate to using Azure AD

  • Track the users assigned to each of these apps in Freshservice 

  • Analyze the usage of each of these apps by tracking the 60-day login history of each user for each app.

  • Keep all the information updated through regular sync (once every 24 hours) between Azure AD and Freshservice


To discover the 60-day login activity from Azure AD to Freshservice, this integration requires the user configuring the integration to have an Azure Directory Premium P1 or P2 license. The integration can be used even if you don’t have this license, but user login activity will not be available in Freshservice.

Install the integration in Freshservice

  1. In Freshservice, navigate to Admin → SaaS Management and click on Azure AD SaaS Discovery App

  2. Use Account Label to give a unique name for this account’s integration with Freshservice to identify the apps discovered using this Azure account. 

  3. In the Integration Add New Account page, enter the Client IDSecret Key and your Active Directory Domain copied from Azure AD. 

Get Client ID and Secret from Azure AD 

  • Head to your Azure account, and search for Azure Active Directory

  • Select your directory from the list here and click on App registrations

  • Click New Registrations and register a new application here by providing an App Name

  • Once the application has been created, click on Certificates & Secrets option under Manage section.

  • App Registrations > Certificates & secrets (left panel) > Click on “New client secret” > Copy “Value”, which is your secret key.

  • Copy the Application (Client) ID and the generated secret key store in a secure location. 

  • The newly created application registration should have access to API permissions to list applications, users, and their usage information. This can be enabled under API permissions tab.

  • Click on New Permission → Application Permissions → Graph API and add the following permissions for the app:

    • Application.Read.All

    • AuditLog.Read.All

    • Directory.Read.All

    • User.Read

    • User.Read.All

    • Reports.Read.All (Optional - If you plan to integrate the Microsoft 365 integration for SaaS Discovery, adding this permission will allow you to use the same Client ID & Secret to set up the other integration as well)

  • Once all the permissions are added, click on Grant Admin consent for all the permissions. 

  • Once you see a green tick against all the permissions, all the permissions are successfully applied.