Start a new topic

Best practice for requesters that are no longer company employee's

I've been somewhat frustrated that the AD integration does not "deprovision" requesters when they are removed from AD. I was about to start purging them manually and it occurred to me that some platforms (ex Salesforce) require that account to remain for audit trail purposes and allow you to deactivate and hide the record from view.


What is everyone's practice for dealing with former employee requesters? Do you purge them or something else?


What is the official Freshservice position on this? Will removing requesters have an adverse affect on any product functionality?


9 people have this question

@FreshService  Any guidance on the product design around this issue would be phenomenal!


2 people like this

We have the same question. It is shocking we can't remove ex-employees.....


1 person likes this

@Tony, with GDPR compliance you can now "Forget" them from the trash, but it's very manual. 


We still don't have any guidance from FreshService as to how the product is intended to function. I may not necessarily agree with the intent, but they should at least provide that guidance.

Did you get an answer regarding best practices on removing ex-employees?   I see that we can either delete or forget them, but my only concern is I don't want tickets they've submitted to be deleted or forgotten (whatever forgotten means).  As an ex-employee, they should no longer have access to the portal or their tickets, but I as an admin should still be able to report on tickets they've submitted.

@Adiaz, I hadn't thought of that and it is a good point. If tickets are deleted along with the user account, what affect will this have on historical data? If there is an unusual high turnover then historical trend reporting won't be accurate I imagine.

@Adiaz, none so far. From what I've seen of the forums, this is where questions and feedback goes to die... no one from FreshWorks is monitoring.. Although they do moderate the comments, so who knows what feedback we arent seeing.

@Matt, We only monitor for spam. So you are seeing all the feedback that is posted :). I apologize for taking this long to get back respond to your query. 

As a best practice, we recommend moving the employees who leave the organization as "deleted". This is more of a "soft delete" and all the context related to the user is maintained while any new tickets / associations for the user is not possible. 


When you "forget" a user, the user is anonymized and all personally identifiable information of the user is removed from Freshservice. 


Btw, you had mentioned that the AD integration does not deprovision the users. When you delete the users from your AD, the probe will also mark the users as deleted. Let me know if that does not work as expected.





@Mohana, Thanks for your response, albeit somewhat goaded by me.  I will follow up that I have requesters that have been completely deleted from AD and are still in my environment as active.  That said, we have to use both the AzureAD integration for SSO and the probe to pull users over. We really would like to be able to move 100% to the AzureAD integration. are there plans to increase the capabilities of that integration?  AzureAD has mechanisms in place to provision and de-provision if the 3rd party (Freshservice in this case) is instrumented to do so. 


On another note, I would think that a company that builds service desk solutions would have expertise in ticket deflection. Community engagement like these forums could help to relieve a significant portion of the "how do I {x}" type questions that I send to your helpdesk and I'm sure other admins do as well. That said, waiting months for a response from a company rep, or years(as I've noted in other threads) for feedback on bugs and minor product deficiencies with enormous impact, has the opposite effect. I now create a ticket every time I have a question instead of coming here to self-help.  I'm starting to get on a first name basis with at least 1 support rep. Help me help myself, please.

Matt, I hear you loud and clear. We definitely can do better with engagement on these forums and it is an area we are working on improving. So, these delays should not happen in the future. 


Let me know if we can help troubleshoot the issue with the AD sync. Also, about the AzureAD integration, we are looking to get on SCIM to enable better provisioning / de-provisioning from Identity Management tools to Freshservice. I'll check in with the team and circle back on this.

Matt, did you get a chance to check the AD sync? Is this working as expected? 

I checked with the team on the AzureAD integration and looks like it's not in the works right now. Will share more details once it's prioritized for dev.


1 person likes this
Login or Signup to post a comment
JS Bin