Access Management administration
This topic outlines the tasks that are part of the role of an administrator responsible for the HelloID Access Management.
Monitoring
Monitor HelloID using the built-in mechanisms; see HelloID administration.
Review notifications about expiring certificates.
Review Access Management reports.
Review Access Management Incidents via the Admin dashboard. See Troubleshooting Access Management for resolution steps.
Monitor the use of licenses via the License widget on the Admin dashboard.
Monitor all systems and applications connected to the Access Management module.
Review and update certificates.
Tip
Ensure procedures are in place to replace certificates before they expire, to prevent downtime in the Single Sign-On (SSO) connections.
Monitor the organization for changes that may affect the configuration of HelloID Access Management.
The Quick Reference: Access Management configuration helps you discover and regularly check the relevant details of your HelloID Access Management configuration.
Troubleshooting
Troubleshoot Access Management incidents and issues. See Troubleshooting Access Management for resolution steps and additional resources.
For user management issues, see HelloID portal and user administration.
Helpdesk tasks/maintenance
- 1. A certificate is about to expire.
- 2. An application must be temporarily disabled or hidden.
- 3. An application must be added, edited, or removed.
- 4. SSO claims need to be adjusted for an application. For example, instead of an email address, the employee ID must be sent to the application.
1. | A certificate is about to expire. | |||
ImportantReplace the certificate before it expires. SAML and WS-Federation-based Single Sign-On (SSO) applications may continue to function with an expired certificate, although this is not recommended. OpenID Connect, however, requires a valid (i.e., unexpired) certificate. Depending on the supplier, the certificate might need to be added manually, or it may update automatically using metadata (a "well-known configuration" document), which is refreshed every few minutes or hours. If you only update the certificate in HelloID and not on the supplier's side, it may cause downtime for the SSO connection. | ||||
2. | An application must be temporarily disabled or hidden. | |||
NoteWhen disabling SAML, OpenID Connect or WS-Federation applications, the metadata/well known configuration endpoints are also disabled. | ||||
3. | An application must be added, edited, or removed. | |||
4. | SSO claims need to be adjusted for an application. For example, instead of an email address, the employee ID must be sent to the application. | |||
|