Skip to main content



In many organizations, there is a need to prevent automated processes from touching certain employees' accounts. For example, the CEO, principal, or anyone else whose account data must adhere to different standards. HelloID lets you exclude persons on either a manual or automated basis. When a person is excluded, they are not processed during Enforcement.

To get started, Manually exclude a person or Automatically exclude a person. Subsequently, Re-include a person.

Exclusions can be viewed in Business Rules > Exclusions. Manually excluded persons are labeled with the Manual indicator. Automatically excluded persons are labeled with the Source indicator.


Excluded persons are also labeled on the Persons overview:


If you exclude a person to whom HelloID has already granted Entitlements, those entitlements remain granted while the person is excluded, even if the person goes out of scope of the qualifying business rule or if the rule is deleted. If you include the person again later, entitlements will be updated accordingly during the next enforcement. In other words, exclusion is different than an Unmanage an entitlement action, which forgets entitlements permanently. Exclusion remembers entitlements and "catches up" on any entitlement actions when a person is included again.

If an excluded person's raw personnel data is removed from its associated source system, the excluded person will be removed during the next enforcement, and all of its granted entitlements will be revoked (see Revoke). This is the same behavior as a normal (non-excluded) person.

A related but distinct feature is Thresholds. While exclusions selectively exclude certain persons from enforcement, target thresholds partially or fully halt enforcement if it is significantly different than the previous enforcement.

Exclusions can also be triggered by the Person aggregation feature. In this case, they are labeled with the Skip Processing indicator, but work the same way.