Gaining a basic understanding of attributes, business rules, entitlements, source systems, and targets will provide you with a solid framework for understanding HelloID, its operations, and why connectors are so valuable.
Attributes, Business Rules, & Entitlements
In order to drive identity management and provisioning automations throughout your IT environment, HelloID relies upon user attributes, business rules, and entitlements. Attributes include all of the various pieces of identity data that make up a person within HelloID (e.g., name, title, department, manager).
A user’s attributes determine the business rules that apply to them (e.g., all users receive an Active Directory account). Some business rule configurations are fairly common across all organizations and others may be customized to yours. The applicable business rules determine the entitlements users receive, such as accounts in various systems and permissions in the file system.
Source & Target Systems
HelloID connects to the systems and applications within your environment to execute identity management automations and other processes. “Source systems” are those configured to provide HelloID with the user attributes needed to execute various tasks. HelloID detects and syncs all changes in the “source system”, whether newly added users or updates to existing ones. HR and SIS systems most commonly serve as an organization’s “source system” and because HelloID’s data will always mirror them, they may also be called your “source of truth”.
All other systems and applications that HelloID connects to are “targets”. HelloID executes identity management processes, such as creating and provisioning accounts, in target systems and applications.
HelloID leverages connectors to create and set up new users’ accounts, group memberships, and assigned permissions. When new users are detected within the configured “source system”, HelloID automatically syncs their data and attributes. The user is created as a “person” in HelloID.
Based on your organization’s configurations, HelloID then automatically provisions each “person” accordingly. Accounts are created, group memberships are added, and various permissions are assigned. With automated account creation, provisioning, and access management wrapped into one, new users hit the ground running on their first day.
HelloID’s automated identity management processes virtually eliminate time-consuming manual efforts, reclaim significant IT staff bandwidth, ensure consistency, and track all actions for easily compiled audit logs.
By using group memberships, HelloID’s Service Automation module facilitates complete self-service for users. Outside of automated role-based provisioning, self-service is used to provision specialty access cases and temporary projects.
HelloID configurations assign the “Product Owners” who approve or deny users’ access requests for a given resource. Users who need to access a given resource may submit requests from the Service Automation tab located on their HelloID dashboard menu. When access requests are approved, HelloID automatically processes the group membership changes to provision the new access, which may also include a revocation date.
Automatically Update Roles & Access
HelloID automatically detects user attribute updates in source systems in the same manner as detecting new users. When changes occur, HelloID will sync and process them accordingly to ensure that user data and access remain up to date. Throughout promotions, role changes, and any other events that occur during the course of a user’s account lifecycle, HelloID has you covered.
Provisioning New Resources for Existing Users
Sometimes your organization will implement a new system, application, or cloud platform that your employees will need access to once it’s rolled out. HelloID provides simplified configuration to assign which groups require access to the new resource, with membership determined by the synced attributes from AD. If the new resource is connected to HelloID and configured, then the specified provisioning processes will be executed as with any other resource.
As part of processing user account changes, HelloID swiftly deactivates and offboards departing employees once their status changes in the integrated source system. When a user’s attributes indicate that their employment is over, HelloID automatically deactivates accounts, removes group memberships, and revokes access to connected systems and applications. This minimizes offboarding delays, orphan accounts, overlooked access rights, and unnecessary license expenditures.
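The attribute, business rule, and entitlement flow described above, covering a new user, a role change, and offboarding, as an added Python example. This is not HelloID code or its API; the rule names, attribute values, and target system names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

Person = dict  # assumption: a person is a dict of attributes synced from the source system

@dataclass(frozen=True)
class Rule:
    name: str
    applies: Callable[[Person], bool]  # condition evaluated on the person's attributes
    grants: frozenset                  # entitlements as (target system, permission) pairs

def active(p: Person) -> bool:
    return p.get("status") == "active"

# Constructed business rules: one common to everyone, two attribute-specific.
RULES = [
    Rule("all-staff-ad", active, frozenset({("AD", "account")})),
    Rule("finance-share",
         lambda p: active(p) and p.get("department") == "Finance",
         frozenset({("FileShare", "finance-rw")})),
    Rule("manager-approver",
         lambda p: active(p) and p.get("title") == "Manager",
         frozenset({("HRPortal", "approver")})),
]

def entitlements(person: Person, rules=RULES) -> set:
    """Union of the grants of every rule whose condition matches the attributes."""
    desired = set()
    for rule in rules:
        if rule.applies(person):
            desired |= rule.grants
    return desired

def plan(held: set, person: Person, rules=RULES):
    """Compare what the rules call for with what is held: (to_grant, to_revoke)."""
    desired = entitlements(person, rules)
    return desired - held, held - desired

if __name__ == "__main__":
    held = set()
    # Constructed lifecycle: joiner, then mover, then leaver.
    for attrs in (
        {"department": "Finance", "title": "Analyst", "status": "active"},
        {"department": "Sales", "title": "Manager", "status": "active"},
        {"department": "Sales", "title": "Manager", "status": "terminated"},
    ):
        grant, revoke = plan(held, attrs)
        held = (held | grant) - revoke
        print(attrs["status"], attrs["department"], "grant:", sorted(grant), "revoke:", sorted(revoke))
```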