Key Features
HelloID Provisioning
Why HelloID?
HelloID is an advanced user account provisioning solution. How does HelloID stand out from other solutions? Which features are critical for a reliable platform? The list below provides an overview of these features.
Performance
The volume of data to process increases rapidly in identity management systems. This results from the Cartesian product of employees with contracts, assignment rules, and then multiple target systems with multiple accounts and multiple permissions. In a relatively modest environment with 2,500 employees, this quickly leads to a database of more than 320,000 records. When history is included, it easily exceeds 1M. HelloID has an advanced change detection mechanism that detects and applies changes extremely quickly. For 2,500 employees in under 2 minutes!
Reliable processing
HelloID is designed to be outcome-driven. That has two advantages: (1) it is easier to configure because you only specify who receives what and when, and HelloID handles the rest. (2) HelloID also strives each time to achieve this desired outcome without skipping any changes. This makes the system unique in the IDM market and sets it apart with easy configuration and reliable processing.
Source Thresholds
If the HR system generates far more changes than usual, input is halted and this is reported.
Input check
Verify that fields from the HR system (or another source system) are populated. For example, is the personal email address provided? If a field is not populated, only the corresponding employee is excluded from processing and this is reported.
Target Thresholds
For each connected target system you can set the maximum number of changes per run. This prevents the provisioning process from, for example, removing a set of groups for all employees. HelloID calculates in advance how many changes will be executed. If there are too many, the provisioning process stops at the outset. No changes are executed.
Simulation
During the setup of automated provisioning it is important to see which changes the provisioning process intends to execute, without actually executing them. This mechanism is also important when you have made configuration changes and want to verify that they are correct.
Safe and phased go-live
Because HelloID only revokes accounts and entitlements that were granted by HelloID, a phased go-live is very simple. For example, you can go live by department or division by using business rules. There is no risk that go-live will prevent employees from doing their work.
Correlation
At the start of the implementation, user accounts already exist in the target systems and employees exist in the HR system. These must be linked. HelloID provides the ability to link employees to existing accounts based on a configurable key. HelloID also provides a screen to link accounts when the key data does not match.
Error handling
A network is not always available and errors occur. You can see immediately what is going wrong, and HelloID has an automatic retry mechanism. If the issue is resolved manually, HelloID also has a manual retry mechanism.
Authorizations
Based on any attribute from the HR system you can configure which accounts and permissions in the target systems must be assigned to a group of employees. Permissions are automatically revoked when an employee no longer meets the condition. A grace period can also be specified. This is very useful when you want employees to retain access to the old department for a while.
Reporting
HelloID is integrated with the online ELK platform. Out of the box, HelloID includes a state-of-the-art reporting platform at no additional cost. Any desired report is possible.