Import target system data to be used as entitlement(s)
The import target system data feature is designed to assist the implementer when connecting a new target system that is already used in production, with HelloID provisioning.
This feature imports data from a target system and produces a report that shows per person which entitlements - account, account access, and permissions - they have in the target system, that they are also entitled to according to the business rules in HelloID. After viewing the report and correcting any irregularities, you can import the entitlements into HelloID so that they are granted according to the state in HelloID - in other words, the entitlements are then managed in HelloID.
Note
This functionality is currently only available for on-premise Active Directory target systems.
Running a local HelloID agent is required.
The configuration of correlation needs to be enabled and configured properly for the selected target system.
Go to Business > Entitlements.
Go to the Import tab.
Select a system from the Select System dropdown menu from which the data will be retrieved.
Perform an initial import of the system using the Import from the Import system tile.
Note
Imports can only be performed once per hour.
After the import is successfully completed, an evaluation is required. During this evaluation, HelloID will determine which entitlements already exist within the target system. The results of this evaluation are based on the business rules, which configure the entitlements a person should have access to.
The next step is to create a report based on the outcome of the result.
What this report will show is a summary of the evaluation outcome, in which the left hand side of the report will show all the persons who are entitled to one or more permission(s) for the selected target system and don’t already own these entitlements as being granted from HelloID.
The final step is to import the entitlement(s) after the report has been verified. This will import the state into HelloID making the entitlement state marked as being granted to the person.
The report shows a list of persons on the left based on the evaluation outcome. If one or more persons are missing, they may be out of scope due to business rule conditions. On the right, the report displays the person's account and/or permissions, including the displayName and username based on the correlation configuration.
Icons | Description |
|---|---|
Account: | An indicator showing the account entitlement will be managed for this person. |
No account: | An indicator showing no account entitlement could be found for this person in the target system. |
Active account: | An indicator showing the account access entitlement will be managed for this person. |
No active account: | An indicator showing no active account entitlement could be found for this person in the target system. |
Permissions: | An indicator showing these permission will be managed for this person as entitlements. |
No permissions: | An indicator showing that the person has no permissions, which are imported as entitlements to be managed by HelloID. |
Notice
In case a person is correlated to multiple accounts in the target system, the import report will show this state as a warning. This could be related to multiple scenario’s for example when multiple persons share the same correlation value from the source, or in case there are multiple accounts found for the same person sharing the same correlation value inside the correlation attribute.