This guide outlines how to install and configure the Azure Active Directory (Azure AD / Microsoft Entra ID) SCIM provisioning app from the Freshservice Marketplace. The SCIM integration allows automated user provisioning, updating, and de-provisioning between Azure AD and Freshservice.

Prerequisites

  • You must be a Freshservice Org Admin (not an Occasional Agent).

  • You need Enterprise Application admin rights in Azure AD.

  • Identify the Azure AD attributes to be mapped to Freshservice user fields (e.g., email, name, title, department).

Step 1: Install the SCIM App in Freshservice

  1. Log in to Freshservice from an Org admin account.

  2. Navigate to Admin > Apps 

  3. Search for Azure AD SCIM Provisioning in the Marketplace.

  4. Click Install and authorise the application

  5. After installation, the system will provide you with:

    • A SCIM Endpoint URL

    • A Bearer Token

Copy both the SCIM URL and token securely. These will be used to configure Azure.

Step 2: Create and Configure the Enterprise Application in Azure AD

  1. Sign in to the Azure Portal as a Global Administrator.

  2. Navigate to Azure Active Directory > Enterprise Applications.

  3. Click + New Application > search for Freshservice provisioning > Create your own SCIM application.

  4. Name the application (e.g., Freshservice SCIM

  5. Click Create.

Step 3: Set Up Provisioning in Azure

  1. In the newly created app, go to the Provisioning section.

  2. In the Admin Credentials section, enter:

    • Tenant URL: Use the SCIM URL from Freshservice.

    • Secret Token: Use the Bearer Token from Freshservice.

  3. Click Test Connection to confirm the setup.

  4. If successful, click Save.

Step 4: Configure Attribute Mapping

  1. Under Provisioning > Mappings, click Provision Azure Active Directory Users.

  2. Review and adjust the default mappings:

    • Ensure mail or userPrincipalName is mapped to userName and email.

    • Optionally map attributes like department, jobTitle, physicalDeliveryOfficeName, etc.

  3. To add custom attributes:

    • Scroll to the bottom and click Show advanced options > Edit attribute list for Freshservice.

    • Add a custom attribute in SCIM format:

      urn:ietf:params:scim:schemas:extension:freshservice:2.0:User:<field_key>

    • Choose the appropriate data type (e.g., String) and click Save.

    • Return to the mapping screen, and click Add New Mapping to map your Azure attribute to this custom SCIM field.

Step 5: Assign Users or Groups

  1. Navigate to the Users and Groups tab.

  2. Click Add User/Group.

  3. Select and assign the users or groups to be provisioned to Freshservice.

  4. Click Assign.

Step 6: Start Provisioning

  1. Go back to the Provisioning tab.

  2. Click Start Provisioning.

Azure will begin syncing users based on your assignments and mappings. Provisioning typically runs every 40 minutes.

Best Practices

  • Map Azure’s mail to Freshservice’s userName to prevent duplicate records.

  • Avoid manual edits to userName in Freshservice once SCIM is enabled.

  • Use Provision on Demand for targeted user testing and troubleshooting.

  • Ensure dropdown fields (like company, region) have valid values in Freshservice or the provisioning will fail.

  • Confirm departments and locations exist in Admin > Departments before syncing.

Additional Help

For complex provisioning issues or log interpretation assistance, contact support at: support@effy.co.in