Overview
Perform operations in Azure AD using workflows and track apps, users and usage in Freshservice.
Description
The Azure AD integration lets you automate repeatable actions within Freshservice and also helps you track accurate usage information for SaaS Management.
Orchestration
Orchestration apps give you the ability to automate several repeatable actions that span across a diverse set of systems by performing specific actions with Freshservice Workflows. With the Azure app you can perform actions for:
User Management
Create User
Update User
Add User to Group
Reset Password
Delete User
Disable User
Get Users Details by User ID
Get Users Details by Username
Revoke users sign in sessions by ID
Revoke users sign in sessions by username
Assign Manager to User
Get Users Manager By Username
Enable User by Username
Enable User by User ID
Check Is User Enabled By Username
Check Is User Enabled By ID
Lookup extension property
Get User Properties
Add User to Multiple Groups
Check User is Part of Group by Username
Check User is Part of Group by User ID
Get Group Membership Of User By Username
Remove User from Groups by User ID
Group Management
Create Group
Update Group
Delete Group
Get Group Details
Remove Group Owner
Remove Group Member
Assign Group Ownership to User using User ID
Assign Group Ownership to User by Username
Add User to Multiple Groups
Application Management
Get Application Details
Remove Application Password
Delete Application
Directory Objects Management
Delete Directory Object with ID
Organization Management
Get Organization Details
License Management
Add License To User with Username
Add License To User with ID
Remove Licenses with Username
Remove Licenses with ID
Add License to Group
Remove Licenses from Group
Administrative Units
Create Administrative Unit
Update Administrative Unit
Get Administrative Unit By Id
Lookup Administrative Unit By Name
Delete Administrative Unit
Add Users To Administrative Unit
Add Groups To Administrative Unit
Remove Users From Administrative Unit
Remove Groups From Administrative Unit
SaaS Management
Freshservice’s direct integrations for SaaS management enable accurate and reliable discovery of user and usage data. Integrate with Azure AD to:
Discover and track the usage of apps that employees authenticate to using Azure AD.
Manage users and their data for these apps.
Track their 60-day login history in Freshservice with a 24-hour sync ensuring updated information.
This integration requires the SaaS Management Add-on. More details can be found here.
To use this integration for SaaS Management:
- Enable the SaaS Discovery toggle and provide the Freshservice Domain Name and the Agent API Key.
  Note: To know more about what SaaS Discovery is, click here.
- Click Verify.
- Once the verification is successful, click Add and complete the installation by clicking Install.
  Note: The first sync might take a couple of hours depending on your data load.
Note:
To discover the 60-day login activity from Azure AD to Freshservice, this integration requires the user configuring the integration to have an Azure Directory Premium P1 or P2 license. The integration can be used even if you don’t have this license, but user login activity will not be available in Freshservice.
Prerequisites
A. Azure Active Directory App Should Be Created
Log in to your account on the Azure portal and search for “Azure Active Directory”.
On the Active Directory page, in the left side panel, click on App Registrations.
Then click on New registration
Enter a meaningful name for your app such as “fs-orchestration”
Click on Register
B. Permissions Should Be Assigned
In the Azure portal, go to Azure Active Directory.
Click on “App Registrations”, then select your app.
Click on “API Permissions”.
Then, “Add Permissions” > “Microsoft Graph” > “Application Permissions”.
Select the permissions mentioned below
Application.ReadWrite.All
User.ReadWrite.All
Group.ReadWrite.All
Organization.Read.All
Directory.ReadWrite.All
AdministrativeUnit.ReadWrite.All
If you're enabling the integration for SaaS management select the following permissions in addition to the above.
- AuditLog.Read.All
- Directory.Read.All
- Reports.Read.All (Optional - If you plan to integrate the Microsoft 365 integration for SaaS Discovery, adding this permission will allow you to use the same Client ID & Secret to set up the other integration as well)
Make sure you click on “Grant Admin Consent for Directory”
C. Additional Permission should be assigned for Reset Password Action
In the Azure portal, go to Azure Active Directory > Roles and administrators.
Search for the User administrator role and select it.
Click on Add assignment and search for the app created in Prerequisite point A, select the app from search results then click Save.
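The grants described in Prerequisites B and C can be checked against what the app registration actually holds. The following is an added example, not part of the Freshservice documentation or product: the permission and role names come from the lists above, while the function names, feature flags and sample input are assumptions constructed for illustration.

```python
# Added example: least-privilege audit of the integration's app registration.
# Permission and role names are the ones listed on this page; the feature
# flags and the input format (plain lists of names) are assumptions.
ORCHESTRATION = {
    "Application.ReadWrite.All", "User.ReadWrite.All", "Group.ReadWrite.All",
    "Organization.Read.All", "Directory.ReadWrite.All",
    "AdministrativeUnit.ReadWrite.All",
}
SAAS_REQUIRED = {"AuditLog.Read.All", "Directory.Read.All"}
SAAS_OPTIONAL = {"Reports.Read.All"}  # only when reusing the app for Microsoft 365
RESET_PASSWORD_ROLE = "User Administrator"


def expected_grants(saas_management, reset_password, m365_discovery=False):
    """Return (permissions, directory roles) the enabled features call for."""
    perms = set(ORCHESTRATION)
    if saas_management:
        perms |= SAAS_REQUIRED
        if m365_discovery:
            perms |= SAAS_OPTIONAL
    roles = {RESET_PASSWORD_ROLE} if reset_password else set()
    return perms, roles


def audit(granted_perms, granted_roles, **features):
    """Compare what the app holds with what the enabled features need."""
    want_perms, want_roles = expected_grants(**features)
    have_perms = {p.strip() for p in granted_perms}
    # Role display names are compared case-insensitively.
    have_roles = {r.strip().casefold(): r.strip() for r in granted_roles}
    need_roles = {r.casefold(): r for r in want_roles}
    return {
        "missing_permissions": sorted(want_perms - have_perms),
        "excess_permissions": sorted(have_perms - want_perms),
        "missing_roles": sorted(need_roles[k] for k in need_roles.keys() - have_roles.keys()),
        "excess_roles": sorted(have_roles[k] for k in have_roles.keys() - need_roles.keys()),
    }


# Constructed sample: an app used for orchestration with Reset Password,
# without SaaS management, that has drifted from the documented grants.
SAMPLE_PERMS = sorted(ORCHESTRATION - {"AdministrativeUnit.ReadWrite.All"}) + [
    "AuditLog.Read.All", "RoleManagement.ReadWrite.Directory"]
SAMPLE_ROLES = ["User administrator", "Global Administrator"]

if __name__ == "__main__":
    report = audit(SAMPLE_PERMS, SAMPLE_ROLES, saas_management=False, reset_password=True)
    for finding, names in report.items():
        print(f"{finding}: {names}")
```

Anything reported as excess is a grant the enabled features do not need and a candidate for removal from the app registration.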
Installation Parameters
1. Client ID
2. Key (Secret Value)
3. Active Directory Domain
Installation Parameters Description
All installation parameters can be found in the Azure portal.
Once you log in to your account on the Azure portal, search for “Azure Active Directory”.
On the Active Directory page, in the left side panel, click on Overview > Copy “Primary Domain”, i.e. your Active Directory Domain.
App Registrations > Open App > Copy “Application (client) ID”.
App Registrations > Certificates & secrets (left panel) > Click on “New client secret” > Copy “Value”, which is your secret key.
Please ensure that you copy and save this key, since it will not be visible after its creation.
Use cases
Now that you've successfully installed the Azure AD orchestration app, have a look at the sample use cases below to see how the app can be used efficiently.
- Sample Use Case for Azure AD Orchestration App - Employee Onboarding
- Sample Use Case for Azure AD Orchestration App - M365 License Assignment during Onboarding