Requirements
See the HelloID requirements before continuing.
If you are an end user, please see Manuals for End Users. If you are a HelloID administrator, please continue. This series of articles will lead you through logging in to HelloID and configuring it for use by your organization.
Introduction
HelloID is Tools4ever’s cloud Identity & Access Management-as-a-Service platform. It has three main categories of functionality ("modules"):
- Provisioning
- Service Automation
- Access Management
Note that the HelloID user interface and feature set do not precisely correspond to these categories. These categories are useful for understanding the "big picture" of what HelloID can do for you, but features in HelloID often combine aspects of several categories at once. For example, user synchronization/management falls—strictly speaking—under the category of Access Management. However, it is implicated in almost every other feature of HelloID. Similarly, features of Service Automation are often used to automate aspects of Access Management. And so on.
Provisioning
HelloID Provisioning performs user account lifecycle management.
Using a single source of truth—most commonly an HR database—HelloID Provisioning automates the processes of user onboarding and offboarding. Using employee information from the source system, it creates the appropriate accounts and entitlements on any number of target systems when a new employee joins. When an employee leaves, HelloID Provisioning disables the previously-granted accounts and entitlements.
The most important target system is usually the organization's IT user directory, which is usually also used as the main identity provider (IdP) in HelloID Access Management. Most often, this is Microsoft Active Directory, but HelloID is also compatible with other directories like Google G Suite, Azure AD, and so on.
HelloID Provisioning relieves the IT department of performing these steps manually every time an employee joins or leaves the organization. It supports the RBAC methodology.
Service Automation
HelloID Service Automation automates self-service requests which would normally be handled with a manual ticketing system. Self-service products can be created for nearly any resource, including digital items like software, physical items like laptops, or even sales meeting time slots.
When end users request products via HelloID, their requests are handled with custom approval rules, including delegation to the correct decision makers if necessary. Product delivery is accomplished with a built-in task catalog or with custom PowerShell script execution.
For a piece of software, delivery may entail automatic installation on the user's workstation over the network. For a physical product like a laptop, delivery may entail generating a custom hard drive image, with which an IT technician can easily prepare a machine. For a meeting, delivery may mean creating an Outlook appointment and inviting the correct participants.
In this way, fulfilling requests involves dramatically fewer emails, phone calls, sticky notes, and other error-prone procedures. Instead, everything possible is managed and tracked by software.
Essentially, HelloID automates the self-service request process right up to the point where human intervention is absolutely required.
Access Management
The main feature of HelloID Access Management is single sign-on (SSO) for applications.
With SSO, you specify an IdP—typically the organization's IT user directory—and HelloID allows end users to log into all their web apps with a single click. They are automatically authenticated against the chosen IdP. In this way, the user only needs to memorize the HelloID portal URL and one username/password combination. This means easier access for users, and far fewer password-related tickets for the IT department.
To support SSO functionality, HelloID offers user synchronization from your organization's directory system, multi-factor authentication (MFA), custom access rules and policies, full access history auditing and reporting, and more. HelloID also handles complex scenarios such as multiple IdPs, complex attribute mappings, and even using HelloID itself as the user directory.
The diagram below shows the HelloID SSO solution:
Supported SSO protocols
HelloID supports the following SSO protocols:
- SAML
http://saml.xml.org/saml-specifications - OpenID Connect (OAuth 2.0)
https://openid.net/connect/ - HTTP Basic Authentication
https://tools.ietf.org/html/rfc7617 - HTTP form POST
https://tools.ietf.org/html/rfc7231#section-4.3.3 - Browser plugin
HelloID provides a "catch-all" browser extension for legacy web applications or other applications that don't support a standard SSO protocol. The plugin guarantees SSO access for all applications by detecting and populating input fields. Passwords are stored centrally in HelloID. Functionality can be customized with JavaScript.
First login
After subscribing to HelloID, you will receive an email with your organization's HelloID portal URL, administrator username, and password.
Enter the URL in the browser. This will be in the form of https://<portal
base URL>/authentication/admlogin.
Enter the received credentials and click Login.
Once you are logged in with your administrative credentials, you will be taken to the HelloID Administrator Dashboard. This is where you will manage your organization's HelloID portal. Here you can manage the Identity Providers, Application, Connectors, Users, etc.
Next steps
Now that you're logged into the HelloID Administrator Dashboard, it's time to configure HelloID to suit your organization and your end users.