Freshservice is the fastest-growing ITSM vendor - Gartner 2020 Magic Quadrant. Learn More

Start a new topic
Discussions Freshservice Feature Requests
Implemented

Additional Mappable AD Attributes for SAML SSO

 We've just implemented SAML SSO using our Azure federated domain.  As of now the only fields that are pulled when a user logs in are:


  1. First Name
  2. Last Name
  3. Email
Realistically this isn't enough.  For automation, security, and other features to function the user must have a Department and Manager.  Additional fields that would make our HelpDesk analysts' job easier include:
  1. Phone (Cell and Office)
  2. Office (Location)


3 people like this idea

Kevin, 


Thanks for explaining your requirement. We have received similar requests from other users already and we have included this in our longterm roadmap. I'll post an update once we start development.


Best,

Sid

Freshservice Product Team

I am also using Azure federation and I have First, Last, Email, Phone Numbers, Reporting Manager, Department, and Title's pulling into FreshService.  I couldn't figure out how to get the Office to come but I didn't spend more than a few minutes setting this up.


To get the department and titles I just added those attributes to the Azure Application SAML Tokens


SBU0cGaKcg1q5GnRB_pMk8O5rFiyd4-ohA.png


Good to hear, thanks!

 

This wouold be helpful for us as well.

@Kevin: as a workaround (assuming you haven't already thought of this), you could use some custom AD attributes and the Discovery probe. We use SAML SSO via Office 365 which is good for the Requestors and avoids the need to register. We use the AD probe with some custom fields to bring in the extra data from AD that we want.

Thanks Adam, Nicholas, for chipping in with recommendations. 


@Nicholas, We do not support this as of now (We only support updating name, email and phone). Have you faced any issues updating the department / Title for users after configuring the attributes in Azure? Also, do you have any other mode of user sync such as the AD sync using the probe enabled?




I have tried to update the phone via SAML ADFS. What outgoing claim attribute is the correct one for the office phone number?


I have used phone as attribute. This failed.


It would be great if you extend the attributes in a next version.



Dennis, 'phone' is the correct attribute. Please raise a support ticket and we can troubleshoot the issue. 

Folks, we now support updating all the default requestor attributes using SAML SSO. 

You can find more information here


The new list of attributes supported: 

Email Address

First Name

Last Name

Job Title

Phone

Mobile

Department

Reporting Manager

Address

Time Zone

Language

Location



Thanks very much!

 

Hi Team,


We just created SSO with office 365 and FreshService.


When a user logs in to fresh service using O365 credential, it does not get the first name and last name from O365. Instead it take firstname as username (without @domain.com) form O365. Below is the configuration screenshot. Appreciate your help.


image


The namespace mapping is the problem here. Please remove the configuration given in NAMESPACE (Ensure that the NAMESPACE field is empty) and everything would work fine.

What is the Azure AD attribute name for Reporting Manager? I don't see anything in the list it pulls from AD that would correlate to a manager/supervisor?



claim.jpg
claim.jpg
(41.6 KB)
1 person likes this

In the Source Attributes under Manage Claim I don't see any of the following:

Mobile

Department

Reporting Manager


Is there a way to make them available, as we obviously have the fields within AD?

I would also like to see how to get: 

Mobile 

Report Manager from Azure AD SAML Claims

Thanks

1 person likes this
Login or Signup to post a comment