Users
User accounts are the cornerstone of HelloID Access Management and Service Automation. Employees in your organization log into their HelloID user accounts to access their identity management services.
There are two types of users in HelloID: Local users and Synced users.
Users can be organized using Groups.
To get started, go to Directory > Users. Or, Add a local user.
Tip
User objects are only indirectly relevant to HelloID Provisioning, when you're using HelloID itself as a target system (see Provisioning GitHub resources). In that case, Provisioning will create user objects in the HelloID user directory.
Local users
Local users are created in HelloID using the Add a local user workflow or the API.
In Directory > Users, their Source is Local.
Local users can only log in using the Local IdP.
Local accounts can be useful in situations such as:
Your organization works with outside vendors or contractors who need access to HelloID. You can separate concerns by giving them local HelloID accounts instead of accounts in your organization's directory system.
Your organization is small and has no directory system, or an unsupported directory system. In this case, you can use the HelloID API to generate and maintain local users and groups based on a simple spreadsheet containing personnel data.
You want a 'break glass' local administrator account to log into HelloID when your IdP is down.
Synced users
Synced users are created in HelloID via Directory sync or the JIT feature of a configured IdP.
Typically, most of an organization's HelloID user accounts will be synced users (e.g., from Microsoft Active Directory or Google Workspace), and typically that directory system also serves as the primary IdP.
In Directory > Users, their Source is the name of the directory system or IdP they came from. For example, the AD domain name (e.g., t4edemo.com), or AzureAD.
Synced users can only log in using the IdP (see Identity providers (IdPs)) that corresponds to their Source.
