Import target system data to be used as entitlements
The import target system data feature is designed to assist the implementer when connecting HelloID Provisioning with a new target system that is already used in production.
This feature imports data from a target system and produces a report showing which rights - account, account access, and permissions - persons have in the target system, which they are also entitled to according to the business rules in HelloID. After viewing the report and correcting any irregularities, you can import the entitlements into HelloID so that they are marked as granted in HelloID - in other words, the entitlements are then managed in HelloID.
Note
This functionality is currently only available for on-premise Active Directory and PowerShell v2 target systems.
Before you start
For an Active Directory target system, Configure correlation.
For a PowerShell v2 target system, Configure correlation and Configure import from target system.
Go to Business > Entitlements.
Go to the Import tab.
Select a system from the Select System dropdown menu from which the data will be retrieved.
Perform an initial import of the system using the button in the Create snapshot tile.
Note
Imports can only be performed once per hour.
After the import is successfully completed, click the button in the Run evaluation tile to perform an evaluation. During this evaluation, HelloID applies the Business rules to determine which entitlements each person should receive in the selected target system.
Click the button in the Create report tile to create a report based on the imported target system data and the outcome of the evaluation.
Review the report.
The Person column lists all persons entitled to one or more permissions in the selected target system, provided these entitlements are not already managed (i.e. marked as granted) in HelloID.
Tip
If one or more persons are missing from the report, they may be out of scope due to business rule conditions.
The Account column holds the display name and user name of the correlated account.
Notice
If a person is correlated with multiple accounts in the target system, the report will show a warning. This can happen when multiple persons share the same correlation value in the source system, or when multiple accounts in the target system have the same correlation attribute value.
Black icons at the right show what will be marked as granted in HelloID when the entitlements are imported from the target system.
Table 1. Entitlement indicatorsAccount
Account Access
Permission (including Group Membership)
Active:
Active:
Active:
Inactive:
Inactive:
Inactive:
A grey icon can either signify that the account/access/permission is not found in the target system, or it is already managed in HelloID.
Click the
Permissions icon to see the permission(s) and the number of sub-permissions (if any) that were imported.If sub-permissions were imported, hover over the number of sub-permissions to see the name of the sub-permission(s).
After correcting any irregularities, click Import entitlements.
In HelloID, the imported entitlements are now marked as being granted to the person.
Tip
If an entitlement was mistakenly granted to a person in HelloID, it can be easily undone.
Unmanage the entitlements, one by one (Persons > Entitlements), or in bulk via the business rules.