Frequently Asked Questions

FAQ: Provisioning

Accounts

Q: Can I manually update a person's account data in HelloID?
Q: A person's employee number in the account field of a target system is incorrect. Why is that, and what should I do?
Q: One person has two accounts in the target system. Why is that, and what should I do?
Q: How do I cancel an action for a person that is no longer present in the source system?
Q: Updates to an account fail with an error, indicating that the account was probably deleted. How do I resolve this?
Q: Can I see in the logs which Active Directory attributes were changed, including their previous and new values?

Q:	Can I manually update a person's account data in HelloID?
A:	No, manual updates to a person’s account data in HelloID are not supported. Data from a target account should only be stored in HelloID if it serves a clear purpose, for example when it is used in another (dependent) target system. If it is necessary to store data from a target account in HelloID, you can achieve this by configuring the target mapping appropriately. Map the desired field in the target mapping to an action - for example, the Update action -, set the mapping type to None and enable Store in account data. See Target mappings in Active Directory, Target mappings in Azure AD or Target mappings in PowerShell v2 target systems.
Q:	A person's employee number in the account field of a target system is incorrect. Why is that, and what should I do?
A:	Check the source system data. If the employee number was changed recently, the account may not have been updated yet. The issue may also be caused by Person aggregation. Duplicates can be merged - automatically or manually, depending on how person aggregation is set up - into a single person in HelloID. One person is designated as the main person, while the others become non-main persons. All contracts are associated with the main person. Whenever necessary, the main person's personal data is used. If one of the contracts changes after the merge, it may affect target account attributes like job title or manager. However, it doesn't change who the main person is, so personal data, such as an employee number, stays the same. (See Aggregation basics.) If possible, remove duplicate entries from the source system(s). Manually replace the main person with the non-main person whose personal data should be used. Tip When merging separate persons, set the person with the desired entitlements (such as target accounts) as the main person. This way, their accounts and other entitlements remain managed in HelloID. You can Manually replace a main person in a merge set later if you want the personal data, such as an employee ID, of the other person to be used. For more information, see Aggregation basics.
Q:	One person has two accounts in the target system. Why is that, and what should I do?
A:	The most likely reason is that an account could not be correlated with the person, causing a new account to be created alongside the existing one. Unmanage the new account. Then Re-correlate a person's target account. Another possible reason is that there are two entries for this person in the source system, and they have been imported into HelloID as separate individuals rather than being merged into a single person. Manually merge the persons. The person with the account that needs to be retained should become the main person first. During the merge, the entitlements of any non-main persons become unmanaged, i.e. they are forgotten in HelloID, but not removed from the target system. You may need to manually remove the unmanaged target account. If the non-main person's personal data must be leading, Manually replace the main person after the initial merge.
Q:	How do I cancel an action for a person that is no longer present in the source system?
A:	Unmanage the entitlement: go to Business > Entitlements > Granted; find the line with the correct target system, person, and entitlement; at the end of that line, click Show support information; then, in the Start Action dropdown, click Unmanage.
Q:	Updates to an account fail with an error, indicating that the account was probably deleted. How do I resolve this?
A:	This usually occurs when the account was manually deleted from the target system. Check whether the account still exists in the target system. The ID of the account in the target system should match the ID of the account in HelloID (go to Persons, find the person, then open the tab Entitlements). If the account no longer exists, Unmanage the entitlement (the old account) in HelloID. Optional: Restore the deleted account, or select another existing account that should be used by the person. Then Manually correlate an account with the person. Run an evaluation; then Run an enforcement. After this, during the Grant - Account action, HelloID will either link the existing account with the person or create a new account.
Q:	Can I see in the logs which Active Directory attributes were changed, including their previous and new values?
A:	This information is not available in HelloID's Audit logs, which primarily contain workflow information, but can be retrieved when AD Auditing is enabled. Enable Audit Policy via Group Policy: Open Group Policy Management Console (GPMC). Edit or create a GPO linked to your Domain Controllers OU. Navigate to: Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies > DS Access Enable: Audit Directory Service Changes → Success and Failure Enable Auditing on AD Objects: Open Active Directory Users and Computers (ADUC). Enable Advanced Features from the View menu. Right-click the user or OU and go to Properties > Security > Advanced > Auditing tab. Add an entry: Principal: Everyone (or Domain Admins) Type: Success Applies to: This object and all descendant objects Permissions: Write all properties (or specific attributes) Check the logs: Make a change: modify an attribute that already has a value (e.g., change description from "Test1" to "Test2"). Open Event Viewer on a domain controller. Go to: Windows Logs > Security and filter for Event ID 5136 (which is how Windows logs these changes in the Security log on domain controllers). Look for Value Deleted (old value) and Value Added (new value) events with matching Correlation IDs. The shared Correlation ID allows you to link the events and reconstruct the full change.

Source systems

Q: How can I see which changes are associated with blocked Source snapshots?

How can I see which changes are associated with blocked Source snapshots?

While you cannot view the specific details of blocked source snapshots, you can review the related changes:

Navigate to Source > Snapshots. Select the blocked snapshot. Under Summary, click Inspect next to Persons to view the related changes.

FAQ: Service Automation

Q: Why do I receive the following error message when trying to open a datasource in a delegated form?

Why do I receive the following error message when trying to open a datasource in a delegated form?

Http failure response for https://service-automation-prod-we.helloid.cloud/service/datasource/api/dataset/customerrelatedguid/paged-dataset?cachebust=randomnumber: 404 OK.

This error usually means the Service Automation agent was temporarily unavailable when the request was made. It typically resolves itself within a few minutes once the agent reconnects automatically. If this takes more than 5 minutes, an incident will be created.

In this section:

HelloID