Freshservice
This connectivity package provides support for managing requesters and departments in FreshService.
Supported objects and operations
| System objects | Omada Identity Data Model | Operations |
|---|---|---|
| Requester | Account | Create, read, update, delete |
| Department | Resource | Read |
| Department memberships (requesters) | Resource Assignment | Create, read, update, delete |
Minimum required permissions
See the FreshService API documentation.
Implementation notes
The connectivity package creates accounts as requesters in FreshService. It currently does not support creating agents. FreshService allows converting them into agents once they are created.
Network requirements
N/A
Prerequisites
Authorization
FreshService uses both API key and basic access authorization. You can use your personal API key to authenticate the request. If you use the API key, you don't need to use a password. For basic access, use the same username and password that you use when you log into your helpdesk.
Creating an extension attribute
To provision multiple departments in an array, create an attribute that is resolved by the RoPE Attribute Value Resolver extension:
-
Open the RoPE configuration file:
- On-prem:
\Omada Identity Suite\Role and Policy Engine\Service\ConfigFiles - Cloud: In the Cloud Management Portal, navigate to Environments. In the environment row, from the drop-down menu, select Configure. Choose the RoPE configuration tab.
- On-prem:
-
Add a new attribute under the AttributeValueResolver:
<add key="setting7" name="Fresh Service Account:C_FRESHSERVICEDEPARTMENTID" value="/#ASSIGNMENTS_PER_RESOURCETYPE/Department:[ROLEID]" extraInfo="Type:ReferencePath;MultiValue:True" />
Deleting accounts
Fresh supports two methods of performing the DELETE operation: disable an account and forget an account. Omada Identity uses the forget method.
To reactivate an account, Fresh calls for a separate PUT call that reactivates a user. Since we already have a PUT call that is modifying a user, the call that reactivates accounts is currently not supported in this package.
Requesting or assigning access
The identity must be assigned both the FreshService account and minimum one FreshService department resource. The above configuration of resource-driven attributes will copy the ID of the department onto the account when provisioned. This is required as the department is just an attribute on the user object in FreshService. Departments are referred to as a company in FreshService.
Reconciliation
By having the department as a separate object and creating a resource assignment for it, you can import the actual state of both the account and the assigned role.