Microsoft’s Active Directory (AD) remains one of the world’s premier directory services for organizations of all industries and sizes.
With HelloID’s AD connector, fully manage the identities in your directory with granular control and enhance your organization’s IT environment. HelloID integrates with your source system (e.g., HR systems) and AD to drive provisioning processes. HelloID may also serve as your source system. Active Directory is almost always one of the first systems integrated during a new HelloID implementation due to the exponential increase in management capability, simplicity, and speed.
Connect HelloID with Azure AD to cover all of your onboarding and user update needs with increased capability, simplicity, and speed.
Onboarding, Provisioning, & Ongoing Management
Throughout a user’s employment, HelloID automatically executes identity management tasks for Azure AD. Via the connector, HelloID creates and provisions new users, updates them based on source system changes, and deactivates them when their employment ends. Processes are automatic, consistent, and logged.
HelloID’s role model determines provisioning processes for downstream resources and may be configured to use source system (HR) attributes to set a given user’s role. Acting as the “Service Provider,” HelloID provisions and permits access according to verified AD identities (when Active Directory is used as the Identity Provider). With automated account creation, provisioning, and access management wrapped into one, new users hit the ground running on their first day.
Service Automation for User Self-Service
Outside of standard provisioning configurations, users may access HelloID’s Service Automation module to request access to additional resources from their dashboard. HelloID can leverage AD groups to assign the “Product Owners” who approve or deny users’ access requests for a given resource. If approved by the associated “Product Owner,” HelloID processes all changes and provisioning needs.
Authentication and Password Resets
Leveraging AD as an Identity Provider, HelloID grants single sign-on access to verified users who have authenticated into your organization’s network with their AD credentials. Authenticated users gain access to all of their necessary resources within HelloID without additional login steps (unless additional multifactor authentication has been enabled).
When AD passwords approach expiry, users receive a notification that they must change it during their next login. Additionally, HelloID provides a reset capability delegated to a user’s manager. The connector synchronizes the new credentials with AD.
Simplified Management and Security
Identity management within AD (or Azure AD and ADFS) requires dedicated knowledge, elevated permissions, and remains time-consuming. By connecting AD to HelloID, identity management tasks become automated processes. Additionally, delegated forms allow Tier 1 IT and HR staff to initiate provisioning and management tasks without elevated permissions that increase security risks and are otherwise unnecessary.
Overcoming ADFS Limitations
While Microsoft provides Active Directory Federated Services (ADFS) for “free,” HelloID achieves better results with simpler ongoing management. Compared to HelloID integration, ADFS comes with the following limitations:
- ADFS is not a Software-as-a-Service (SaaS) solution. If an organization seeks a cloud migration for their network/environment, ADFS does not work that way and will not provide the necessary capability.
- ADFS’s hardware costs are not free, as running two on-premise serves and two WAP servers are required at minimum.
- Some organizations must pay to use the latest version of ADFS.