Start a new topic

Sync Active Directory group permissions

Ability to use probe for synchronization of AD groups to link/match up to Freshservice groups (departments). Specifically for the purpose of linking users to groups for viewing Solutions tied to specific group departments. e.g. HR, Accounting, IT, Parts, Service, etc...

If user jon.doe is in the Active Directory group "Accounting."

Then user jon.doe is granted access to department Accounting Helpdesk solutions

2 people like this idea

Hi Michael,

Just making sure that I've understood your usecase here.

If Jon Doe is in the "Accounting" department and there is a solution folder which is visible only to the users of that department, then Jon Doe should be able to see those solutions. Is this what you mean?.

And, the sync between AD "departments" and Freshservice "departments" is already available in the Probe. Initially, when you do a User Import using the probe, all the users and their associated departments are fetched and created in Freshservice and the user to department associations are also retained in Freshservice.

You can even schedule the user imports on the probe, so that it scans and pushes all the changes made to the users periodically.

1 person likes this

Michael, I have achieved this functionality using the REST API. I wrote a script that periodically checks the membership of a list of Active Directory groups and compares the results to the users and department assignments in Freshservice.

For example, if user jon.doe is added to the Accounting group in Active Directory, the script will automatically associate the user with the appropriate department in Freshservice the next time it runs. I have set up arbitrary Active Directory group to Freshservice department mappings in the script.

I, of course, have to define the departments in Freshservice and associate them with the solutions in advance.

I would be interested to hear about any updates. How is the script working out, etc?

The script has been working reliably for two years now. It currently adds or updates the following requester information:

  • name
  • email address
  • job title
  • phone number
  • Active Directory group membership <> Freshservice department

I will be happy to share this code if you are interested.

1 person likes this

Yes I would be very interested  I love the utility of Fresh Service so far and I'm interested in what else can be done. Thanks!

Login or Signup to post a comment