HelloID

A toxic policy in HelloID helps prevent users from receiving conflicting permissions. It defines Toxic combinations — sets of entitlements that shouldn't be assigned together. When such a conflict is detected, only one of the entitlements is granted, based on the policy. This enhances security and reduces unnecessary license costs.

When a person already holds one of the entitlements defined in a toxic policy, a required switch to the other entitlement is handled in two consecutive enforcements. During the first Enforcement, HelloID revokes the existing entitlement. During the next enforcement, the other entitlement is granted. This approach ensures that the conflicting entitlements are never held at the same time, in accordance with the toxic policy.