Connector Raet Youforce

Manually managing user accounts and network access rights consumes significant amounts of your organization’s bandwidth—mostly from IT staff. Through a connection with HelloID, the HR information in Youforce provides your organization with the perfect foundation of data to fully automate this process.

HelloID provides an attribute mapper to sync with data from Youforce. The attribute mapper’s configuration links identity data from Youforce’s fields and variables to HelloID. HelloID leverages the synced data to detect changes and execute automated user account lifecycle and self-service processes accordingly.

Tools4ever is a certified partner of RAET.

Onboarding and Provisioning Processes for New Hires

When new employees are hired, their information must be entered into Youforce (e.g., position/title, department, location). They must also have the necessary user accounts created and provisioned with the associated access to resources. Executing these laborious, manual onboarding processes consumes significant IT bandwidth.

Via a connection with Youforce, the new employee information entered by your HR staff drives HelloID’s automated onboarding and provisioning process. HelloID automatically detects the new user entered into Youforce and executes the configured processes according to the employee’s role. HelloID creates new accounts, adds groups memberships and assigns permissions based upon the synced attributes to all of the connected downstream resources.

Driven off of Youforce’s data for every employee, role-based access control has never been as quick or easy.

Updating Access for Existing Users

With its connection, HelloID constantly detects changes made within Youforce. This means that whenever employee roles change, HelloID automatically updates users’ accounts, access, and permissions accordingly. Throughout every promotion, reorganization, transfer, or any other change, your users’ access remains up-to-date.

Without adding any additional tasks for your HR department, HelloID drastically decreases IT’s manual workload. With Youforce serving as the “source of truth” for identity information, your organization maintains consistency and virtually eliminates data entry errors throughout your IT environment.

HelloID Provisioning Examples with RAET Youforce

Change in YouforceIn-network Procedure (Automated by HelloID)
New employeeBased on information in Youforce, a user account is created with the configured group memberships according to the employee’s role. Typically, this occurs in (Azure) AD. User accounts and rights are also created in downstream systems. Tools4ever has more than 150 links with various target systems.
Employee Position/Role ChangeThe supplied authorization model in HelloID is automatically consulted for the new role’s permissions. Accounts and rights are added and removed accordingly.
Employee DepartureUser accounts are dismantled in phases and relevant parties are informed.
Employee Marriage/DivorceThe display name and e-mail address are adjusted (if desired).
Employee Location ChangeHome directory data is moved to the nearest home directory server.

Provisioning New Resources for Existing Users

Sometimes your organization will implement a new system, application, or cloud platform that your employees will need access to once it’s rolled out.

HelloID provides a simplified configuration process, called Business Rules, to assign which groups require access to the new resource, with membership determined by the synced attributes from Youforce. If you connect and configure the new resource with HelloID, the appropriate users will be automatically provisioned with accounts without any extra effort.

User Self-Service

By using group memberships, HelloID’s Service Automation module facilitates complete self-service for users. Outside of role-based provisioning automations, self-service is used to provision specialty access cases and temporary projects.

HelloID leverages its groups and the attributes synced from Youforce to assign the “Product Owners”, who approve or deny users’ access requests for a given resource. When access requests are approved, HelloID automatically processes the group membership changes to provision the new access, which may include a revocation date. 

Deactivation and Offboarding 

As part of processing user account changes, HelloID swiftly deactivates and offboards departing employees once their status changes within Youforce. HelloID detects the employment change entered by HR and automatically updates the user’s accounts and access—removing them in this instance.

Once the employee’s status has been changed, HelloID deactivates accounts, removes group memberships, and revokes access to the connected systems and applications. This minimizes offboarding delays, orphan accounts, or overlooked access rights and expensive licenses.

IT no longer has to wait for notifications from HR; HR simply makes the change in Youforce for the given employee and HelloID processes the rest.

Access Management—Single Sign-On (SSO)

As RAET Youforce is a cloud system, connecting to HelloID and enabling SSO provides your users with direct access. Once logged into HelloID, users merely click the RAET icon located on their personalized dashboard.

HelloID uses OpenIDConnect to provide SSO access to RAET. As with all HelloID’s other SSO connections, multifactor authentication (MFA) may be applied at the portal or individual application levels for additional security.

Simplified Management and Security 

Executing identity management tasks requires dedicated knowledge, elevated permissions, and significant time and effort. By connecting Youforce to HelloID, these tasks become automated processes. HR merely enters the identity information for new users or the updates to existing users’ roles in Youforce as they normally would.

HelloID automatically detects these changes and executes user account management processes accordingly. HelloID’s automations eliminate the need for HR to notify IT and for IT to then spend significant time manually creating and provisioning accounts. Additionally, HelloID provides delegated forms for instances that fall outside of the standard updates to users in Youforce.

HelloID’s automations and delegated forms allow Tier 1 IT and HR staff to initiate provisioning and management tasks without elevated permissions. As a result, HelloID increases these user groups’ efficiency without having to assign them elevated permissions—decreasing security risks.

Additional Connector Information

For information on how to connect RAET to HelloID and enable SSO, please refer to the HelloID Docs site:
https://docs.helloid.com/hc/en-us/articles/360014550419-Visma-Raet-Youforce-Single-Sign-On-OpenIDConnect-Configuration

For additional information on Raet connector commands, please refer to the following GitHub links:
https://github.com/Tools4everBV/HelloID-Conn-Prov-Source-RAET-IAM-API
https://github.com/Tools4everBV/HelloID-Conn-Prov-Source-Raet-BintXML
https://github.com/Tools4everBV/HelloID-Conn-Prov-Source-Raet-Oracle-Query
https://github.com/Tools4everBV/HelloID-Conn-Prov-Target-Raet-Users
https://github.com/Tools4everBV/HelloID-Conn-Prov-Target-Raet-DPIA100