Today Freshservice lumps all users and contact into either Requesters or Agents. For organizations, such as mine, that are only using Freshservice as an internal helpdesk; this creates a number of issues. The root of them all though is that people outside of my organization are granted some form of access within my Freshservice environment.
Problem 1: Support portal and solutions. Anyone that has a requester is technically allowed to access my portal and solution center. We may put help information in our support articles that are specific to our organization and would be a great place for someone farming information to gather intelligence. While we use SSO to authenticate our users, and the likelihood of anyone gaining access is low, the possibility is still there.
Problem 2: Announcements. If someone types up an internal announcement and sends it to "everyone" then our vendors will receive an email. This is just frustrating and poses a significant risk of communicating internal-only information publicly. Because of this risk, we don't use the email option which means we need to send a secondary email to staff instead of the far more efficient method of clicking the checkbox and letting the tool do the work.
Whatever method is chosen is irrelevant, but there should be a way to limit access to and communicate with staff natively.