Frequently Asked Questions

General

How are products licensed?

Our products are typically licensed on a per user basis. We offer both subscription and perpetual licenses to best suit your requirements.

Can I get a 1:1 demonstration?

Yes, absolutely. Click here to request a software demonstration and one of our account managers will contact you to arrange a demonstration of how our products can meet your specific requirements.

Do you have a customer service team?

Yes, we have full-time support teams based out of our New York and Seattle offices. Support is typically available Monday – Friday, 7am – 5pm.

How do I open a new support case?

You may contact our support department by visiting our support page. From there, select the office that you wish to contact, and fill out their contact form.

HelloID

Tools4ever’s cloud-based IDaaS and identity management service providing provisioning, self-service, access management, and single sign-on. HelloID provides a single point of management and entry for all of your users’ web-based applications, and also delivers a leading service automation and delegation solution.

My app is not on HelloID. Can I add it?

Yes. By navigating to Applications > Application, and clicking on “Add Application”, you can open the application catalog. From there, select “Generic” and you will have the ability to configure web applications on your own. Of course, the Tools4ever technical team is always available to assist as well. Learn more about adding applications here.

How long does a HelloID installation take?

A typical deployment of HelloID requires approximately 4 hours to configure. The Tools4ever technical team will walk you through the basic configuration.

How can I access HelloID?

All you need to access HelloID is an internet connection and a browser. HelloID is supported on many web browsers and devices including:

  • Chrome
  • Firefox
  • Internet Explorer
  • Microsoft Edge
  • iOS
  • Android
  • Chromebooks

How is HelloID deployed?

HelloID is deployed on the Microsoft Azure cloud platform. Depending on your organization’s geographic location, your data will reside in a data center in North America or Western Europe.

Can users be local to HelloID?

Yes, HelloID can maintain credentials for users that may not exist in your Active Directory.

How many apps are in HelloID?

We currently have over 700 apps predefined, and you have the ability to add more. The predefined list continues to grow with every release.

What apps are visible for users?

The apps displayed to the end-user are controlled by groups. You can synchronize Active Directory groups or create local groups in HelloID.

Can you set access restrictions?

You can define when and how the portal or apps are accessed. HelloID can adhere to your organization’s access policies with restriction features such as time, location, or device. For example, you may not want users to access data outside of the typical work week and can easily limit availability to Monday–Friday, 9 a.m.–5 p.m.

You can also configure adaptive multifactor authentication or ensure access is not available outside of the network via IP address restrictions.

How secure is HelloID?

HelloID uses redundant servers in multiple regions in North America and Western Europe to maximize uptime. Your data never leaves the country of origin. We use RSA to encrypt your data. In addition, we utilize a consulting firm to provide complete penetration testing on a quarterly basis. You can also enhance the normal login process with multifactor authentication (MFA) capabilities utilizing RADIUS servers, a PIN via SMS, authenticator apps from Google or Microsoft, or other options.

 

IAM: Identity and Access Manager

IAM is Tools4ever’s enterprise identity and access management software solution. It provides organizations with the power and insight they need to automate processes, provision accounts, and control access throughout their networks and applications.

How does IAM stop permissions accumulating and unstructured data building up in the network?

With identities often being interwoven in the network, our transparent process automates and/or delegates access management to prevent the accumulation of permissions. This prevents unauthorized access, minimizes data breach risk, and ensures users always have the correct access required.

How does IAM make the helpdesk more efficient?

Onboarding can be automated with IAM, eliminating the need for manual intervention from IT or the helpdesk. Access rights are either created based on a Role Based Access Control (RBAC) model or granted and approved by managers and/or the data owners on a one-off basis. This frees up the helpdesk to work on more important tasks instead of repetitive work such as user provisioning.

How does IAM benefit organizations on a business level?

It is inefficient to have staff spending hours every day managing access, users, and permissions. The risk of human error is mitigated when the process is automated.

How does IAM aid compliance/audits?

IAM leaves a transparent access trail based on the permissions granted and/or revoked in the network. Access governance makes it easy to ensure users have the correct access—no more, no less than needed. In addition, IAM adds layers of accountability to the process by assigning certain users as data owners. RBAC ensures that rights are correct for every position and individual while discrepancies are available for managerial review.

How long does implementation take?

The length of implementation depends on the specific requirements of any particular organization. Before quoting a timeframe, we will assess the requirements and provide a detailed scope of services for your particular needs.

Our unique approach to implementation has been the key to our success over 20 years in the industry. We implement IAM in phases to avoid users or IT having to adjust to drastic changes overnight. The phases also allow our expert consultants to address any small challenges as they arise. With a phased implementation, we can ensure each module of IAM is working seamlessly before we move on to another. You can read more about why implementing in phases is optimal in this blog post.

How does access governance (AG) work?

IAM Access Governance replaces the copy-user, spreadsheets, user templates, and other types of manual access management practices prone to human error and oversight. Access rights are recorded in an easily managed RBAC model and then issued, updated, and withdrawn accordingly. Access Governance offers a variety of methods to build the model, such as role mining, and the ability to manage it via workflow requests and approvals. Validation of any discrepancy of rights can be accomplished via attestation and reconciliation.

There are certain attributes of a user (e.g., department title, location) that are picked up from the HR/SIS. We put these through IAM’s access governance model to determine the given individual’s entitlements in the network, Exchange, O365, Google, or other systems as appropriate for their role. Essentially, all of the attributes are mapped to entitlements in different systems with access governance. IAM translates their role attributes into resources.

Can IAM add users to groups & distribution lists?

Yes—it can create, delete, and manage group memberships. Access governance and the RBAC model used to provision resources can equally be used to assign appropriate group and DL memberships.

Can users be created with expiration dates?

Yes—users can be created with a predefined expiration date. This is ideal for short-term employees, contractors, or students & staff in schools or universities. Additionally, email alerts can be automatically generated to notify managers of new account creation or upcoming expiry.

If a data owner or someone who can grant access in the access governance model leaves, is there an alert to assign a new owner?

Yes—an alert can be sent to IT or the helpdesk notifying them that a group manager or “approver” has left the organization. IAM makes it easy to detect the affected individuals or groups and easily update with the new manager’s information.

Is there an ability to create attribute-based dynamic groups?

Yes. IAM has the capability to programmatically create AD groups based on attributes available from the HR/SIS system. For example, a group could be created based on the title “Office Administrator” and employees with that designation would automatically be added to the group.

What is the run time for an account management process?

Many factors affect the run time for provisioning process execution, including: number of employees, quantity of changes, and total number of systems connected. Most of our clients are able to run their processes every hour. We also provide the ability to run processes on-demand.

How do you provision users to G-Suite and Office 365?

Tools4ever has developed connectors that tightly integrate with both G-Suite and Office 365. These connectors run in conjunction with the provisioning processes and changes in both systems are implemented immediately. Any action, including module licensing, can be addressed by our connectors.

Can employees request access via IAM?

Yes. Employees can request access to applications, Active Directory groups, distribution lists, and hardware via a web portal we call “The Shop”. Products can be made available globally or just for specific groups of users. Items can require one or more levels of approvals while others can be granted automatically.

 

SSRPM: Self-Service Reset Password Manager

SSRPM is Tools4ever’s premier password self-service solution. It allows organizations of all sizes to unburden their helpdesk and empower their end users when it comes to forgotten passwords and account management. It also provides the ability to securely onboard new employees without sending their passwords through email or on printed paper!

Can you choose how many challenge questions are needed to reset a password?

Yes—you can customize an access policy to suit the specific requirements of your organization. You can choose the number of challenge questions, whether users can create their own challenge questions, whether to require multifactor authentication, and many other options. You can have multiple access policies within SSRPM and assign different rule sets to specific OUs or AD groups.

How do I apply a license after expiration?

If you are on a subscription license and it has expired, please contact your local office for assistance.

Can you reset your password from any device?

Yes. SSRPM can be accessed via a web interface and/or a mobile app, currently available for iOS and Android. All you need to reset your password is an internet connection, your username, and the answers to your challenge questions.

What are the enrollment options for end users?

There are currently three enrollment options for SSRPM:

  1. Auto-Enrollment: This is when data is collected from an HR System or Student Information System (SIS) and used to pre-populate answers in the SSRPM database, thus eliminating the need for employees to complete the enrollment process.
  2. Onboarding: This method utilizes a mechanism to give a unique “claim ID” and one-time password (OTP) to the end user based on personal information from the HR or SIS. It ensures SSRPM is set up before network access is granted.
  3. Windows Pop-Up: A wizard pops up for end users to fill in their answers to challenge questions. It cannot be closed unless this information is completed, ensuring enrollment in SSRPM.

Is a database needed to store SSRPM’s data?

Yes. SSRPM requires either a SQL Database (recommended) or an Access Database. SQL Server Express and SQL 2000 or higher are supported.

How are the answers to the challenge questions stored?

The answers to challenge questions are very secure. We use SHA-256 with salting and obfuscation by default. Optionally, you can select a reversible encryption method, which is required for our Helpdesk ID module.

Do any Tools4ever staff require an account in the network for SSRPM implementation?

No, but a service account is needed in the network that has sufficient rights to process an AD reset. It does not need to be a domain administrator.

Does SSRPM enforce my AD password policies?

Yes. SSRPM impersonates the end user when resetting their password. By using this method, SSRPM automatically enforces your AD password policy requirements insofar as complexity and history are concerned.

Can SSRPM be used on anything other than Active Directory?

SSRPM, in conjunction with our Password Synchronization Manager (PSM), can be utilized to send password resets to other applications and platforms. Popular options are GSuite, O365, SAP and iSeries.

Can SSRPM notify users of an impending AD password expiration?

Password expiration notifications can be sent via email or SMS to end users in advance of their password expiration. As an administrator, you control the frequency and content of these alerts.

How do I add or delete users in SSRPM?

SSRPM tightly integrates with Active Directory. When you add users in AD, they are automatically given an SSRPM account. When you disable or delete users in AD, their account is deleted in SSRPM. You can restrict SSRPM to only look at specific OUs or groups in AD if there are specific personnel you wish to exclude.