Task: Sync AD groups to products
This task creates a HelloID product for each AD group in a specified AD OU. Each created product automatically gets two Change AD group membership tasks attached: one which grants membership to the respective AD group during the Approved step, and one which revokes membership during the Returned step.
HelloID users can subsequently request these products to get access to the AD groups.
You may want to run the HelloID Product Ownership Sync task after this task, to assign each newly-created product to all users who already have the relevant group membership.
Important
For the product tasks to work, you must provide a value for the Default AD Domain in Company settings.
Task Settings
Name | Description | Example | Comment |
HelloID API key | The key value of a HelloID API key. | TYZAJTCEWBVBJXEPSFNXUVUBYEAJPPLA | |
HelloID API secret | The secret value of a HelloID API key | dZqAfxYzLpethsgrzzwLgAVyDXcDSurG | |
Prefix of product name | This string will be added at the beginning of each new product's name. | AD Sync Group | For example, if you have a group called "Accounting", and you provide a prefix of "AD Sync Group", the new product name would be "AD Sync Group Accounting". If a prefix is specified, this task will overwrite products with the same name. If no prefix is specified, this task will not overwrite products with the same name. |
Prefix of product description | This string will be added at the beginning of each new product's description | AD Sync Group Description | This value must be set for consistent operation. |
FA-Icon name | The name of the Font Awesome icon that will be associated with the new product. | group | For more valid icon names, see the Font Awesome cheat sheet here. |
HelloID product category | The name of the category to which the product will be associated. If no category of this name exists, a new one will be created. | General | |
HelloID Approval Workflow | The name of the workflow that will be launched when a user requests the product. | Auto Approve | |
Resource owner group | The name of the HelloID group whose members will be owners of this product, if the AD group does not have a manager. | Admins | |
The Active Directory OU path | The base OU path in which HelloID should search for groups, specified as the distinguished name. | OU=groups,DC=enyoi,DC=local | |
The Active Directory search filter | You may filter the resulting groups by their name. (Optional) | *HelloID* | Use an asterisk as a wildcard character in your filter. In the example of "*HelloID*", the filter will match any group that contains the string "HelloID". |
Remove product if group does not exist | Every time this task runs, any products with the specified Prefix of product name will be deleted, if the corresponding group no longer exists in AD. | ||
Return on user disable | Whether the product will be returned when a user that it's assigned to gets disabled | ||
Request comment option | Whether a comment is optional, required or not possible when requesting | "Optional" (other values are "Hidden" and "Required") |
