HelloID’s Azure AD connector allows you to fully manage and provision the users within your Microsoft cloud environment. HelloID integrates with your source system (e.g., HR systems) and Azure AD to drive provisioning processes. HelloID may also serve as your source system. Connect HelloID with Azure AD to cover all of your onboarding and user update needs with increased capability, simplicity, and speed.
Onboarding and Provisioning New Users
When new users begin their employment, HelloID automatically executes Azure AD onboarding processes. This connector enables account creation, adds group memberships, and assigns permissions and resources within Azure AD based on the new user’s role (e.g. Exchange email).
HelloID leverages Microsoft’s Graph API to provision users and group memberships within Azure AD. Utilizing standard RESTful API commands and HTTP methods, HelloID and Microsoft’s Graph API cover all the necessary processes for user account lifecycle management and CRUD:
Automatically Update Roles & Access
HelloID’s Azure AD connector constantly processes user accounts to ensure their information and access remain up-to-date. Throughout promotions, role changes, and any other events that occur during the course of a user’s account lifecycle, HelloID updates and reprovisions accordingly.
Provisioning New Resources for Existing Users
Sometimes your organization will implement a new system, application, or cloud platform that your employees will need access to once it’s rolled out. HelloID provides simplified configuration to assign which groups require access to the new resource, with membership determined by the synced attributes from Azure AD.
By using group memberships, HelloID’s Service Automation module facilitates complete self-service for users. Outside of role-based provisioning automations, self-service is used to provision specialty access cases and temporary projects. HelloID can leverage Azure AD groups to assign the “Product Owners” who approve or deny users’ access requests for a given resource. When access requests are approved, HelloID automatically processes the group membership changes to provision the new access, which may include a revocation date.
Deactivation and Offboarding
As part of processing user account changes, HelloID swiftly deactivates and offboards departing employees once their status changes in HelloID or the integrated HR system. Via the Azure AD connector, HelloID deactivates accounts, removes group memberships, and revokes access to connected systems and applications. This minimizes offboarding delays, orphan Azure AD accounts, or overlooked access rights.
Single Sign-On (SSO) with Azure AD and OpenID Connect
HelloID provides simplified management for configuring SSO with Azure AD serving as the OpenID Connect Identity Provider. When a user opens an application from their HelloID dashboard, the appropriate tokens that verify their Azure AD identity will be sent to the downstream application. With one click, users may access all of their resources connected to Azure AD right from HelloID and without additional authentication.