Freshworks named the only Challenger in 2021 Gartner® Magic Quadrant™ for ITSM tools. Access Report

Start a new topic

SSO When Azure Domain & Email Are Different

I've opened a support ticket on this, but I'm posting here in case anyone might have dealt with this before

We're a hybrid local AD / Azure AD environment.

We want to use the AD probe to import requesters, as most of our requesters won't ever login to the support portal, they'll just call us on the phone.  

However, if they DO want to login to the support portal I want them to be able to do it via SSO.  

The catch is that our email addresses are but our domain/how we login to azure/office365/sso is

So, the probe pulls our users in via AD with the email address of  When the go to login to SSO they login as and it says they don't exist since <>  

I've tried creating a custom uesr field mapping and pulling in userPrincipalName instead of email from the local AD, but that doesn't seem to work.  

Anyone dealt with similar?  Any ideas for a possible work-around?

1 Comment

Hi Justin,

In Freshservice, the email address is the primary identifier of any agent/requester and the login is also based on the same.

  • When the Probe fetches the users from the AD and creates them as requesters, their profiles have the

  • When the requesters sign in using their Microsoft credentials via the SSO configured with Azure, new requester profiles will be created with the domain,, if their email address in Azure has the domain,

This is how we have designed the creation of requester profiles in Freshservice. Are new user profiles being created when they login through Azure SSO or are there restrictions there?

Freshservice does not prevent creation of requesters unless Domain Whitelisting is enabled, and the requester does not belong to the whitelisted domains. (Admin -> Support Channels -> Portals -> Domain Whitelisting)

For further investigation, we’ll create a support ticket on your behalf and follow up on the same.



Login or Signup to post a comment