# HelloID

##### Add an Active Directory configuration

Prerequisite: Install the Agent on a server in your network that has HTTPS access and is not a domain controller.

1. Go to Directory > Active Directory and click Create Configuration.

2. Select the Agent Pool which contains the Agent you installed.

For this example, we'll select our Demo Lab Agent Pool.

3. Click Next.

4. Select the services that you want this directory configuration to handle.

Authentication

Synchronization

An Active Directory synchronization task will be created, to regularly sync AD accounts and groups to HelloID Users and Groups.

• Start Sync Now: Run the AD sync task immediately after this configuration is created.

• Allow Deletion: The AD sync task will be allowed to soft delete users and groups from HelloID when they have been deleted in AD. See Soft deleted users.

• Enable Deletion Threshold / Deletion Threshold: Provides a safeguard against the accidental mass deletion of HelloID users and groups when the AD sync task runs. If the percentage of users or groups that will be deleted exceeds this value, all deletions will be canceled instead. By default, this safeguard is set to 10%.

• Enable User Hard Delete: The AD sync task will hard delete users instead of soft deleting them. See Hard deleted users.

5. Click Next.

6. Select the user sync scope.

• Synchronize All Users: Sync all users from all OUs.

• Choose Specific OUs: Only sync users from specified OUs.

• Enter OU Manually: Only sync users from a single specified OU.

### Caution

To prevent synchronizing service accounts, we recommend not using Synchronize All Users.

For this example, we'll select the Choose Specific OUs option and select our docs OU.

7. Click Next.

8. Select the group sync scope.

• Synchronize All Groups: Sync all groups from all OUs.

• Synchronize Groups From The Same OUs As Specified For Users: Use the same OUs from the user sync scope.

• Choose Specific OUs: Only sync groups from specified OUs.

• Enter OU Manually: Only sync groups from a single specified OU.

• Do Not Synchronize Groups: Do not sync any groups from AD.

For this example, we'll select the Synchronize Groups From The Same OUs As Specified For Users option.

9. Click Finish.

If you enabled the Start Sync Now toggle, the AD sync task will run for the first time, and sync AD users and groups from the selected OUs into HelloID Users and Groups.

If you didn't enable the Start Sync Now toggle, you can manually run the Active Directory synchronization task. See Manually run a scheduled task.

10. Optional: Customize this IdP. See AD Agent IdP and IdP settings reference.

11. Optional: Customize the AD mapping set.
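The Caution in the user sync scope step recommends keeping service accounts out of the sync. The following is an added example, not part of HelloID or its documentation, that flags likely service accounts in an OU before you select it. The function name, the heuristics (SPN set, non-expiring password, name prefix), the sample accounts and the `example.com` DN are all assumptions to adapt to your environment.

```powershell
# Added example (not HelloID code). Heuristics and sample data are assumptions.
function Find-LikelyServiceAccount {
    param(
        [Parameter(ValueFromPipeline)] $User,
        [string] $NamePattern = '^(svc|srv)[-_.]'   # assumed naming convention
    )
    process {
        $reasons = @()
        # Filter out $null/empty entries so a missing attribute is not counted as an SPN
        if (@($User.ServicePrincipalName | Where-Object { $_ }).Count -gt 0) {
            $reasons += 'has SPN'
        }
        if ($User.PasswordNeverExpires)              { $reasons += 'password never expires' }
        if ($User.SamAccountName -match $NamePattern) { $reasons += 'name matches service pattern' }

        # Emit only accounts that tripped at least one heuristic
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName    = $User.SamAccountName
                Reasons           = $reasons -join '; '
                DistinguishedName = $User.DistinguishedName
            }
        }
    }
}

# Constructed sample accounts so the function can be tried without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'j.doe'; ServicePrincipalName = @()
        PasswordNeverExpires = $false
        DistinguishedName = 'CN=J Doe,OU=docs,DC=example,DC=com' }
    [pscustomobject]@{ SamAccountName = 'svc-backup'
        ServicePrincipalName = @('MSSQLSvc/db01.example.com:1433')
        PasswordNeverExpires = $true
        DistinguishedName = 'CN=svc-backup,OU=docs,DC=example,DC=com' }
)
$sample | Find-LikelyServiceAccount | Format-Table -AutoSize -Wrap

# Against a real OU (requires the ActiveDirectory module; the DN is a placeholder):
# Get-ADUser -SearchBase 'OU=docs,DC=example,DC=com' -Filter * `
#     -Properties ServicePrincipalName, PasswordNeverExpires |
#     Find-LikelyServiceAccount
```

Accounts it reports can be moved to a separate OU, or the OU selection narrowed, before the first sync runs.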