Overview

Perform operations in AzureAD using workflows and track apps, users and usage in Freshservice.


Description

The Azure AD integration lets you automate repeatable actions within Freshservice and also helps you track accurate usage information for SaaS Management. 


Orchestration

Orchestration apps give you the ability to automate several repeatable actions that span across a diverse set of systems by performing specific actions with Freshservice Workflows. With the Azure app you can perform actions for:


User Management

  1. Create User

  2. Update User

  3. Add User to Group

  4. Reset Password

  5. Delete User

  6. Disable User

  7. Get Users Details by User ID

  8. Get Users Details by Username

  9. Revoke users sign in sessions by ID

  10. Revoke users sign in sessions by username

  11. Assign Manager to User

  12. Get Users Manager By Username

  13. Enable User by Username

  14. Enable User by User ID

  15. Check Is User Enabled By Username

  16. Check Is User Enabled By ID

  17. Lookup extension property

  18. Get User Properties

  19. Add User to Multiple Groups

    

Group Management

  1. Create Group

  2. Update Group

  3. Delete Group

  4. Get Group Details

  5. Remove Group Owner

  6. Remove Group Member

  7. Assign Group Ownership to User using User ID

  8. Assign Group Ownership to User by Username

  9. Add User to Multiple Groups


Application Management

  1. Get Application Details

  2. Remove Application Password

  3. Delete Application

    

Directory Objects Management

  1. Delete Directory Object with ID

    

Organization Management

  1. Get Organization Details

    

License Management

  1.  Add License To User with Username

  2.  Add License To User with ID

  3.  Remove Licenses with Username

  4.  Remove Licenses with ID

  5.  Add License to Group

  6.  Remove Licenses from Group


SaaS Management


Freshservice’s direct integrations for SaaS management enables accurate and reliable user and usage data discovery. Integrate with Azure AD to:


  • Discover and track the usage of apps that employees authenticate using Azure AD.

  • Manage users and their data for these apps

  • Track their 60-day login history in Freshservice with a 24-hour sync ensuring updated information. 

This integration requires the SaaS Management Add-on. More details can be found here.


To use this integration for SaaS Management, 

  • Enable the SaaS Discovery toggle and provide the Freshservice Domain Name & the Agent API Key.
    Note: To know more about what SaaS Discovery is, click here.
  • Click Verify
  • Once the verification is successful, Click Add and complete the installation by clicking on Install. 
    Note: 
    The first sync might take a couple of hours depending on your data load.

Note:

To discover the 60-day login activity from Azure AD to Freshservice, this integration requires the user configuring the integration to have an Azure Directory Premium P1 or P2 license. The integration can be used even if you don’t have this license, but user login activity will not be available in Freshservice.



Prerequisites

  1. Azure Active Directory App Should Be Created

  2. Once you login into your account on the Azure portal and navigate to search for “Azure Active Directory”. 

  3. On the active directory page in the left side panel, Click on App Registrations

  4. Then click on New registration

  5. Enter a meaningful name for your app such as “fs-orchestration”

  6. Click on Register


 

  B. Permissions Should Be Assigned

In the Azure portal, go to Azure Active Directory,

  1. Click on “App Registrations”, then select your app

  2. Click on “API Permissions” 

  3. Then, “Add Permissions” >  ”Microsoft Graph” > “Application Permissions”

  4. Select the permissions mentioned below

  • Application.ReadWrite.All

  • User.ReadWrite.All

  • Group.ReadWrite.All

  • Organization.Read.All

  • Directory.ReadWrite.All


If you're enabling the integration for SaaS management select the following permissions in addition to the above.


  • AuditLog.Read.All
  • Directory.Read.All
  • Reports.Read.All (Optional - If you plan to integrate the Microsoft 365 integration for SaaS Discovery, adding this permission will allow you to use the same Client ID & Secret to set up the other integration as well)
  1. Make sure you click on “Grant Admin Consent for Directory”


    

Installation Parameters

1. Client ID

2. Key (Secret Value)

3. Active Directory Domain


Installation Parameters Description

All installation parameters can be found in the Azure portal.

  1. Once you login into your account on the Azure portal, navigate to search for “Azure Active Directory”. 

  2. On the active directory page in the left side panel, click on Overview > Copy “Primary Domain” i.e. your Active Directory Domain

  3. App Registrations > Open App > Copy “Application (client) ID

  4. App Registrations > Certificates & secrets (left panel) > Click on “New client secret” > Copy “Value”, which is your secret key. 


Please ensure that you copy and save this key since it will not be visible post its creation.



Usecases

Now that you've successfully installed the Azure AD orchestration app, please have a look at the sample use cases below to show how the app can be used efficiently.