Skip to main content

HelloID

Enable Azure AD sync
  1. Go to Directory > Azure AD.

  2. Click New Secret. The URL and Secret fields are automatically populated.

    2022-10-07_9-53-48.jpg
  3. Log in to your Azure portal at https://portal.azure.com/.

  4. Click Azure Active Directory.

    2022-10-07_9-55-06.jpg
  5. In the Manage menu, go to Enterprise Applications.

  6. Click New Application.

    2022-10-07_9-57-14.jpg
  7. In the search box, enter HelloID.

  8. Click the HelloID tile in the search results.

    2022-10-07_9-59-04.jpg
  9. Click Create.

    2022-10-07_10-00-47.jpg
    2022-10-07_10-03-00.jpg
  10. In the Manage menu, click Provisioning.

  11. Click Get Started.

  12. Change the Provisioning Mode to Automatic.

  13. Copy the URL value from HelloID and paste it into Azure's Tenant URL field.

  14. Copy the Secret value from HelloID and paste it into Azure's Secret Token field.

  15. Click Test Connection.

    2022-10-07_10-05-18.jpg

    You should get a message that reads "The supplied credentials are authorized to enable provisioning".

    2022-10-07_10-06-58.jpg
  16. Click Save.

  17. Add the following user Azure AD sync mappings:

    • employeeId

    • manager.id

    1. In Enterprise Applications > HelloID > Provisioning, click Edit Attribute Mappings.

    2. Click Provision Azure Active Directory Users.

      2022-10-18_13-02-19.jpg
    3. Go to Show Advanced Options > Review Your Schema Here.

      2022-10-18_13-04-24.jpg
      2022-10-18_13-06-07.jpg
    4. Add the employeeId and manager.id attributes, and their associated mappings:

      1. Add the following two objects to object.directories[1].objects[1].attributes:

        Tip

        object.directories[1].name should be HelloID.

        object.directories[1].objects[1].name should be urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.

        {
          "anchor": false,
          "caseExact": false,
          "defaultValue": null,
          "flowNullValues": false,
          "multivalued": false,
          "mutability": "ReadWrite",
          "name": "employeeId",
          "required": false,
          "type": "String",
          "apiExpressions": [],
          "metadata": [],
          "referencedObjects": []
        }
        {
          "anchor": false,
          "caseExact": false,
          "defaultValue": null,
          "flowNullValues": false,
          "multivalued": false,
          "mutability": "ReadWrite",
          "name": "manager.id",
          "required": false,
          "type": "String",
          "apiExpressions": [],
          "metadata": [],
          "referencedObjects": []
        }
        1. Additionally, add the employeeId object only to object.directories[0].objects[0].attributes.

          Tip

          object.directories[0].name should be Azure Active Directory.

          object.directories[0].objects[0].name should be User.

      2. Add the following two objects to object.synchronizationRules[0].objectMappings[1].attributeMappings:

        Tip

        object.synchronizationRules[0].name should be USERGROUP_OUTBOUND_USERGROUP.

        object.synchronizationRules[0].objectMappings[1].name should be Provision Azure Active Directory Users.

        {
          "defaultValue": "",
          "exportMissingReferences": false,
          "flowBehavior": "FlowWhenChanged",
          "flowType": "Always",
          "matchingPriority": 0,
          "targetAttributeName": "employeeId",
          "source": {
            "expression": "[employeeId]",
            "name": "employeeId",
            "type": "Attribute",
            "parameters": []
          }
        }
        {
          "defaultValue": "",
          "exportMissingReferences": false,
          "flowBehavior": "FlowWhenChanged",
          "flowType": "Always",
          "matchingPriority": 0,
          "targetAttributeName": "manager.id",
          "source": {
            "expression": "[manager]",
            "name": "manager",
            "type": "Attribute",
            "parameters": []
          }
        }
    5. Click Save, and click Yes to confirm.

      Tip

      An example schema is available here. You should not copy-paste the example, since some of the data is unique to your tenant.

  18. Go back to Enterprise Applications > HelloID > Provisioning > Edit Attribute Mappings.

  19. Customize additional user and group Azure AD sync mappings, if needed.

  20. Enable the Provisioning Status toggle.

    2022-10-07_10-11-57.jpg
  21. Click Save.

  22. Go to Enterprise Applications > HelloID > Users And Groups. Assign all relevant users and groups to this application.

    2022-10-07_10-36-23.jpg
  23. Go to Enterprise Applications > HelloID > Provisioning. Refresh this page after a few minutes, and it should report "Initial cycle completed".

    2022-10-07_10-17-28.jpg

Your Azure AD users & groups have been synced to HelloID Users and Groups. To view them, go to Directory > Users or Directory > Groups and filter by Azure AD.

2022-10-07_10-35-29.jpg