With HelloID’s Active Directory connector, fully manage the identities in your directory with granular control and enhance your organization’s cloud migration. Active Directory is almost always one of the first systems integrated during a new HelloID implementation due to the exponential increase in management capability, simplicity, and speed.
Onboarding and Provisioning New Users
HelloID leverages its integration with HR systems to detect new users and execute AD onboarding processes. This connector enables account creation, group memberships, and assigned permissions within AD based on the new user’s role.
HelloID’s role model determines provisioning processes for downstream resources, and may be configured to use AD attributes to set a given user’s role. Acting as the “Service Provider”, HelloID provisions and permits access according to verified AD identities (when Active Directory is used as the Identity Provider). With automated account creation, provisioning, and access management wrapped into one, new users hit the ground running on their first day.
Automatically Update Roles & Access
HelloID’s AD connector constantly processes user accounts to ensure their information and access remain up-to-date. Throughout promotions, role changes, and any other events that occur during the course of a user’s account lifecycle, HelloID updates and reprovisions accordingly.
Provisioning New Resources for Existing Users
Sometimes your organization will implement a new system, application, or cloud platform that your employees will need access to once it’s rolled out. HelloID provides simplified configuration to assign which groups require access to the new resource, with membership determined by the synced attributes from AD.
By using group memberships, HelloID’s Service Automation module facilitates complete self-service for users. Outside of automated role-based provisioning, self-service is used to provision specialty access cases and temporary projects. HelloID can leverage AD groups to assign the “Product Owners” who approve or deny users’ access requests for a given resource. When access requests are approved, HelloID automatically processes the group membership changes to provision the new access, which may include a revocation date.
Deactivation and Offboarding
As part of processing user account changes, HelloID swiftly deactivates and offboards departing employees once their status changes in the integrated HR system. Via the AD connector, HelloID deactivates accounts, removes group memberships, and revokes access to connected systems and applications. This minimizes offboarding delays, orphan AD accounts, or overlooked access rights.
Authentication and Password Resets
Leveraging AD as an Identity Provider, HelloID grants single sign-on access to verified users who have authenticated into your organization’s network with their AD credentials. Authenticated users gain access to all of their necessary resources within HelloID without additional login steps (unless additional multifactor authentication has been enabled).
When AD passwords approach expiry, users receive a notification that they must change it during their next logon. Additionally, HelloID provides a reset capability delegated to a user’s manager. The connector synchronizes the new credentials with AD.
Simplified Management and Security
Identity management within AD (or Azure AD and ADFS) requires dedicated knowledge, elevated permissions, and remains time-consuming. By connecting AD to HelloID, identity management tasks become automated processes. Additionally, delegated forms allow Tier 1 IT and HR staff to initiate provisioning and management tasks without elevated permissions that increase security risks and are otherwise unnecessary.