Join us for a webinar about Freshservice Change Management on 27th March. Save your seat

Start a new topic
Discussions Freshservice Forums Feature Requests
Implemented

Additional Mappable AD Attributes for SAML SSO

 We've just implemented SAML SSO using our Azure federated domain.  As of now the only fields that are pulled when a user logs in are:


  1. First Name
  2. Last Name
  3. Email
Realistically this isn't enough.  For automation, security, and other features to function the user must have a Department and Manager.  Additional fields that would make our HelpDesk analysts' job easier include:
  1. Phone (Cell and Office)
  2. Office (Location)


1 person likes this idea

Kevin, 


Thanks for explaining your requirement. We have received similar requests from other users already and we have included this in our longterm roadmap. I'll post an update once we start development.


Best,

Sid

Freshservice Product Team

I am also using Azure federation and I have First, Last, Email, Phone Numbers, Reporting Manager, Department, and Title's pulling into FreshService.  I couldn't figure out how to get the Office to come but I didn't spend more than a few minutes setting this up.


To get the department and titles I just added those attributes to the Azure Application SAML Tokens


SBU0cGaKcg1q5GnRB_pMk8O5rFiyd4-ohA.png


Good to hear, thanks!

 

This wouold be helpful for us as well.

@Kevin: as a workaround (assuming you haven't already thought of this), you could use some custom AD attributes and the Discovery probe. We use SAML SSO via Office 365 which is good for the Requestors and avoids the need to register. We use the AD probe with some custom fields to bring in the extra data from AD that we want.

Thanks Adam, Nicholas, for chipping in with recommendations. 


@Nicholas, We do not support this as of now (We only support updating name, email and phone). Have you faced any issues updating the department / Title for users after configuring the attributes in Azure? Also, do you have any other mode of user sync such as the AD sync using the probe enabled?




I have tried to update the phone via SAML ADFS. What outgoing claim attribute is the correct one for the office phone number?


I have used phone as attribute. This failed.


It would be great if you extend the attributes in a next version.



Dennis, 'phone' is the correct attribute. Please raise a support ticket and we can troubleshoot the issue. 

Folks, we now support updating all the default requestor attributes using SAML SSO. 

You can find more information here


The new list of attributes supported: 

Email Address

First Name

Last Name

Job Title

Phone

Mobile

Department

Reporting Manager

Address

Time Zone

Language

Location



Thanks very much!

 

Hi Team,


We just created SSO with office 365 and FreshService.


When a user logs in to fresh service using O365 credential, it does not get the first name and last name from O365. Instead it take firstname as username (without @domain.com) form O365. Below is the configuration screenshot. Appreciate your help.


image


The namespace mapping is the problem here. Please remove the configuration given in NAMESPACE (Ensure that the NAMESPACE field is empty) and everything would work fine.

Login or Signup to post a comment
JS Bin