Troubleshooting Access Management

Below are common Access Management issues, their solutions, and links to other helpful resources.

For user management issues, see HelloID portal and user administration.

Incidents

Agent is down

Restart the Agent services.
Make sure the necessary domains are whitelisted.
Verify that the agent has been updated to the latest version. If necessary, Manually update an Agent.
Ensure the agent is running with a service account that has sufficient permissions. See Agent requirements.

Directory sync failed

Check the directory system itself and the HelloID Directory Agent service on the directory system. See Directory sync.

Certificate expired

Suggested action

On the Admin dashboard, go to

See

Update the certificate

Applications > Applications > Edit application > Configuration

Update an expired app certificate

App setup guides

Important

Replace the certificate before it expires.

SAML and WS-Federation-based Single Sign-On (SSO) applications may continue to function with an expired certificate, although this is not recommended. OpenID Connect, however, requires a valid (i.e., unexpired) certificate.

Depending on the supplier, the certificate might need to be added manually, or it may update automatically using metadata (a "well-known configuration" document), which is refreshed every few minutes or hours. If you only update the certificate in HelloID and not on the supplier's side, it may cause downtime for the SSO connection.

Common issues

An application is inaccessible

Suggested action

On the Admin dashboard, go to

See

Check the application access rules

Check which groups have access to the application

In case of a SAML, OpenIDconnect or WS-Federation application: check whether the certificate is still valid

If an infinite loop occurs, add an application shortcut

Security > Policies > Application Access Rules

Applications > Applications > Edit application > Groups

Settings > Certificates > Show certificate usage in applications

Applications > Applications > Open Application Catalog > click Add for Generic Shortcut

Application access rules

Grant a group access to an application

View all active certificates

Application shortcuts

The use of licenses is exceptionally high

Note: By default, new applications are added to the Users group. This means the application can be assigned to all synced users, even if they do not use HelloID Access Management. This may lead to extra license costs, because each user uses a license as soon as the application is assigned.

Suggested action	On the Admin dashboard, go to	See
Verify that no application is accessible to all users	Applications > Applications > Edit application > Groups	Grant a group access to an application

In this section:

HelloID

Troubleshooting Access Management

Incidents

Important

Common issues

Search results