Microsoft’s Active Directory (AD) remains one of the world’s premier directory services for organizations of all industries and sizes.
Our premier provisioning solutions, HelloID (cloud) and NIM (on-prem), have default connectors designed to work with Active Directory. These connectors allow you to fully manage the identities in your directory with granular control and enhance your organization’s IT environment.
HelloID and NIM connectors integrate with both your source and target systems. For example, your HR or SIS system can serve as a source system, with Active Directory as a target system. Active Directory is almost always one of the first systems integrated when implementing an automated provisioning process.
Onboarding, Provisioning, & Ongoing Management
HelloID and NIM automatically execute all user lifecycle tasks, such as creating, editing, and deleting accounts. With our connectors, our solutions analyze the source data for changes and then synchronize the data to your target systems, such as Active Directory. As a result, processes are automatic, consistent, and logged.
HelloID and NIM’s role modeling and business rules determine provisioning processes for downstream resources and may be configured to use source system (HR) attributes to set a given user’s role. With automated account creation, provisioning, and access management wrapped into one, new users hit the ground running on their first day.
Service Automation for User Self-Service
Outside of standard provisioning configurations, users may access HelloID’s Service Automation module to request access to additional resources from their dashboard. HelloID can leverage AD groups to assign the “Product Owners” who approve or deny users’ access requests for a given resource. Based on approval or denial, HelloID automatically processes the requests or updates the requester with a denial notification.
Simplified Management and Security
Identity management within AD (or Azure AD and ADFS) requires dedicated knowledge and elevated permissions, and remains time-consuming. By connecting AD to HelloID or NIM, identity management tasks become automated processes. Additionally, delegated forms allow Tier 1 IT and HR staff to initiate provisioning and management tasks without elevated permissions that increase security risks and are otherwise unnecessary.
Authentication and Password Resets
Leveraging AD as an Identity Provider, HelloID grants single sign-on access to verified users who have authenticated into your organization’s network with their AD credentials. Authenticated users gain access to all of their necessary resources within HelloID without additional login steps (unless additional multifactor authentication has been enabled).
When AD passwords approach expiry, users receive a notification that they must change their password during their next login. Additionally, HelloID provides a reset capability delegated to a user’s manager. Finally, the connector synchronizes the new credentials with AD.
Overcoming ADFS Limitations
While Microsoft provides Active Directory Federation Services (ADFS) for “free,” it does come with limitations. For example:
- ADFS is not a Software-as-a-Service (SaaS) solution. Therefore, if an organization seeks a cloud migration for its network/environment, ADFS will not provide the necessary capability.
- ADFS’s hardware is not free, as running two on-premise servers and two WAP servers is required at minimum.
- Some organizations must pay to use the latest version of ADFS.
By utilizing HelloID or NIM, you can simplify your automated user provisioning into Active Directory and Azure AD.
Additional HelloID Connector Information
For information on connecting Active Directory to HelloID and enabling SSO, please refer to the following Documentation and GitHub links:
Additional NIM Connector Information
For information on connecting Active Directory to NIM, please refer to the following Documentation and GitHub links: