Quick Reference: Provisioning configuration
This Quick Reference guide helps you quickly locate key configuration details within the Provisioning module of HelloID. You can use it to get familiar with the module and as a checklist - for example, every quarter - to regularly review and update settings as your organization’s needs change.
All of the settings that are referred to below, are found on the 
Provisioning dashboard.
To learn how to switch between dashboards in HelloID, see Navigate the HelloID Interface.
Source systems
Setting | On the Provisioning dashboard menu, go to | See |
|---|---|---|
Which source systems are connected? | Source > Systems | |
When are source imports scheduled? | Source > Schedules |
Per source system:
Are scripts executed in the cloud or on premise? If on premise, what are the agent settings? | Source > Systems > Edit system > System (> Agent configuration) | |
If there is a Configuration tab, what system-specific settings does it have? | Source > Systems > Edit system > Configuration | |
How is information from the system mapped to persons and their contracts in HelloID? | Source > Systems > Edit system > Person Source > Systems > Edit system > Contract (Result: Persons > Select person > Information) | |
Which thresholds - for the number of added, removed, and/or blocked persons - can block imports? | Source > Systems > Edit system > Thresholds |
Persons
Setting | On the Provisioning dashboard menu, go to | See |
|---|---|---|
How are display names in HelloID configured? Note: This does not affect the display name of persons in target systems. | Source > Systems > Source configuration - Display name (Result: Persons) | |
Will you receive merge suggestions for persons? Can persons be merged automatically? HelloID decides whether entitlements can be transferred, based on the core principles of person aggregation (explained in Aggregation basics). The automatic transfer setting helps HelloID handle two situations where these principles don't apply. Is automatic transfer enabled? | Source > Aggregation > Configuration Per source system: Source > Systems > Edit system > Person: Aggregation field | |
How is a person's primary contract calculated? | Source > Systems > Source configuration - Primary Contract | |
Is a person's primary manager derived from their primary contract or from their department? | Source > Systems > Source configuration - Primary Manager | |
Are any persons excluded when the business rules are enforced? Are any persons excluded automatically? | Business > Exclusions Source > Systems > Edit system > Person > Is the Excluded field mapped, and how is it filled? |
Business rules
Setting | On the Provisioning dashboard menu, go to | See |
|---|---|---|
What are the published business rules, and what categories are they divided into? | Business > Rules |
Per business rule:
Which entitlements does the rule grant? E.g. account, access, group membership (AD), permission membership (PowerShell v2) | Business > Rules > Edit rule > Entitlements | |
Which conditions define which persons are in scope for the business rule? Which fields and values are used in each condition? | Business > Rules > Edit rule > Conditions |
If the Governance module is available:
Have any toxic policies been set up? | Business > Rules > Toxic policy (button) |
Tip
The License information on your Admin dashboard shows whether the Governance module is available.
Target systems
Setting | On the Provisioning dashboard menu, go to | See |
|---|---|---|
Which target systems are enabled? | Target > Systems > Edit target system > General |
Per target system:
How is information from HelloID mapped to accounts in the target system? | Target > Systems > Edit target system > Fields Per field: Edit field > Configurations > Actions, Mapping | Active Directory: Target mappings Azure AD: Target mappings PowerShell v2: Target mappings |
Which target account field values are stored in a person's account data in HelloID, and when does that happen? | Target > Systems > Edit target system > Fields Per field: Edit field > Configurations > Options | Active Directory: Map fields Azure AD: Map fields PowerShell v2: Map fields |
Is the system dependent on another system? | Target > Systems > Edit target system > Account > Use account data from systems | |
How is correlation set up? | Target > Systems > Edit target system > Correlation | Active Directory: Correlation Azure: Correlation PowerShell v2: Correlation |
Which business rules manage entitlements in this system? | Target > Systems > Edit target system > Entitlements | |
Which thresholds can block grant/update/revoke actions? | Target > Systems > Edit target system > Thresholds |
Specific to Microsoft Active Directory:
Is Exchange integration enabled? | Target > Systems > Edit Microsoft Active Directory system > Exchange | |
Are home and/or profile directories automatically created for each provisioned user account? | Target > Systems > Edit Microsoft Active Directory system > Directories | |
Which actions in OUs are performed automatically after account life cycle events? E.g. move, update, or delete account | Target > Systems > Edit Microsoft Active Directory system > Administration | |
Are there any post action scripts? Are any other systems involved in the actions that these scripts perform? | Target > Systems > Edit Microsoft Active Directory system > Account |
Specific to PowerShell (v1, v2) systems:
If there is a Configuration tab, what system-specific settings does it have? | Target > Systems > Edit system > Configuration | |
Are permissions listed, or retrieved in a script? | Target > Systems > Edit target system > Permissions > Permissions | |
Are any sub-permissions granted dynamically? Based on which data? | Target > Systems > Edit target system > Permissions > Sub-permissions (enabled/disabled) Target > Systems > Edit target system > Permissions > Action/actions script (button) | |
Which account lifecycle events trigger actions? Are any other systems involved in those actions? | Target > Systems > Edit target system > Account > Account scripts |
If the Governance module is available:
Is a reconciliation report scheduled? | Business > Reconciliation > Configuration | |
If a reconciliation report is available: Which issues are excluded, and for how long? | Business > Reconciliation > Report Business > Reconciliation > Exclusions |
Notifications
Setting | On the Provisioning dashboard menu, go to | See |
|---|---|---|
Which notification systems are configured? | Notifications > Systems | |
Who receives a notification for which event, how, and what is the message? | Notifications > Configurations > Edit notification > General, Configuration, and Message | |
Are pre-on/offboarding events enabled, and when are they triggered? | Business > Person lifecycle Source > Schedules > Determine lifecycle events | |
Which target account field values can be used in notifications, for which events? | Target > Systems > Edit target system > Fields > Edit field > Configurations | Active Directory: Map fields Azure AD: Map fields PowerShell v2: Map fields (Selected fields are included in the list when you Notification variable hints) |