effy

Overview

This troubleshooting guide is intended for administrators using the Azure Active Directory Provisioning (SCIM) app with Freshservice. It covers common provisioning issues, error handling, and step-by-step configuration resolutions.

1. Mapping Custom Fields (Employee ID, Location, etc.)

Issue: Custom fields not syncing to Freshservice

Steps to Resolve:

1. Go to Azure Portal > Enterprise Applications > Freshservice Provisioning.

2. Under the Provisioning tab, click Edit Attribute Mapping.

3. Click Show advanced options > Edit attribute list for Freshservice.

4. Add a new attribute:

   • Name: urn:ietf:params:scim:schemas:extension:freshservice:2.0:User:<field_name>

   • Type: String

5. Click Save.

6. Back on the mapping page, click Add New Mapping.

7. Set Source Attribute to the Azure field (e.g., employeeId).

8. Set Target Attribute to the newly created custom attribute.

Tip: Find valid field names in Freshservice > Admin > Apps > Azure SCIM Provisioning > Settings, under the Bearer Token section.

2. Duplicate Users Being Created

Issue: Freshservice creates new users instead of updating existing ones.

Resolution:

• Ensure Azure's mail or userPrincipalName is mapped to userName in Freshservice.

• Confirm existing Freshservice users have the same value in the email/username field.

• Avoid using externalId mapping unless needed.

Best Practice: Map Azure's mail to userName to maintain identity consistency.

3. Manager Field Not Syncing

Issue: The manager is not shown in Freshservice.

Steps to Fix:

1. In Azure, go to Edit Attribute List.

2. Add:

   • Name: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager

   • Type: Reference

   • Reference Object: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

3. In mappings:

   • Source: manager

   • Target: above-created manager field

4. Provision the manager first, then the reportee.

Note: Azure must store the Freshservice ID of the manager.

4. Only Updated Fields Sync

Answer: Azure always sends the full user object. Freshservice only updates fields with new values, but cannot isolate specific fields to sync.

5. Prevent User Deactivation

Issue: Disabled users in Azure are deactivated in Freshservice.

Solution:

1. In Azure SCIM provisioning, click Edit Attribute Mappings.

2. Find the mapping where Target Attribute = active.

3. Delete or disable that mapping.

6. Use Multiple Azure Tenants for One Freshservice Instance

Answer:Officially unsupported, but it works with a workaround:

1. Install Freshservice SCIM app in each tenant.

2. Use the same Bearer Token from Freshservice in all tenants.

Each tenant works independently but syncs to the same Freshservice account.

7. Mapping Location Field

Steps:

1. Go to Provisioning > Edit Attribute Mappings in Azure.

2. Click Show advanced options > Edit attribute list.

3. Add:

   • Name: urn:ietf:params:scim:schemas:extension:freshservice:2.0:User:_location

   • Type: String

4. Save, return, and map:

   • Source: physicalDeliveryOfficeName

   • Target: _location

Note: Underscore is required before location.

8. Mapping Display Name

Resolution:
Map Azure’s displayName or build expression (e.g., givenName + " " + surname) to Freshservice’s displayName.

9. Mapping Department Field

Resolution:
Use Azure's department and map it directly to Freshservice’s department field (no custom path needed).

10. Finding Custom Attribute Field Keys

Steps:

1. Go to Freshservice Admin > Apps > Azure SCIM Provisioning > Settings.

2. Scroll to the Bearer Token section to view field names.

3. Use the following SCIM format:

urn:ietf:params:scim:schemas:extension:freshservice:2.0:User:<field_key>

11. Manager Field Missing for Some Users

Issue: The manager appears for some but not all users.

Causes & Fixes:

• The manager wasn’t provisioned before the reportee.

• The manager is out of scope (not in provisioning group).

Fix: Provision the manager manually first, then retry the direct report.

12. Hire Date Sync Failure

Issue: Sync fails with a date format error.

Fix:

• Ensure the format is yyyy-mm-dd.

• No null or blank values.

Error:

{ "code":"invalid_value", "message":"It should be a valid date in the 'yyyy-mm-dd' format" }

13. RedundantExport, No Updates Applied

Issue: Azure reports RedundantExport, and no data updates.

Fix:

• Add a minor change to the user (e.g., extra space in title).

• Run Provision on Demand.

This forces Azure to re-evaluate the user object.

14. Custom Fields Not Syncing

Fix:

• Check if the field exists in Freshservice.

• Use the correct SCIM path.

• Ensure the source Azure attribute has data.

Example:

urn:ietf:params:scim:schemas:extension:freshservice:2.0:User:employee_number

15. Mapping Secondary Email

Issue: Need to sync secondary email to Freshservice.

Steps to Configure:

1. Go to Azure Portal > Enterprise Applications > Freshservice > Provisioning.

2. Click Show advanced options > Edit attribute list for Freshservice.

3. Add the following attribute:

   • Name: urn:ietf:params:scim:schemas:extension:freshservice:2.0:User:_secondaryEmail

   • Type: String

4. Save.

5. Go to Mappings and click Add New Mapping.

6. Set the Source Attribute to the Azure field containing the secondary email (e.g., otherMails or mail).

7. Set the Target Attribute to _secondaryEmail.

Note: The underscore in _secondaryEmail is required as this is a reserved Freshservice field.

Reach out to us if you would like help interpreting provisioning logs or troubleshooting specific sync issues - support@effy.co.in