Creating a directory configuration requires a HelloID Agent and Agent Pool. If you do not already have these set up, please refer to this article before continuing.
A directory configuration specifies what data will be synchronized from Active Directory to HelloID. Communication between the two systems, as specified in the directory configuration, occurs via the HelloID Agent. You must have at least one directory configuration for any communication with Active Directory to occur, but note that you're limited to one directory configuration per domain.
Navigate to Directory > Active Directory to see an overview of the configurations within your organization's HelloID environment and to create a new configuration using the wizard.
How to Create a Configuration
- On the overview screen, click the Create Configuration button in the top right corner.
- In step 1 of the wizard, you must select the HelloID Agent Pool that will be responsible for this directory configuration. If you only have one agent pool, it will be selected by default. If you have multiple, you are free to choose the most appropriate pool for the job.
Select a pool and click the Next button to continue.
- Select the desired services that you wish this directory configuration to handle.
  - Authentication: Allow users to log in to HelloID using their domain credentials.
  - Synchronization: Synchronize users and groups from the domain into HelloID.
- If you have selected Synchronization, there are two additional toggles available during step 2.
  - Start Sync Now: Enable this setting to begin synchronization immediately after creating the configuration.
  - Allow Deletion: If you enable this setting, users who are no longer present in the domain will be removed from HelloID as well.
    - Enabling the Allow Deletion toggle will allow the admin to set a Deletion Threshold, which provides a safeguard against the accidental mass deletion of users. By default, this safeguard is set to 10%. Set the slider to the preferred percentage.
    - Additionally, you may Enable User Hard-Delete. This will configure the synchronization so that users are deleted from HelloID without any recovery option, including their settings. Leaving this toggle disabled will result in a soft-deletion: at the next synchronization, if the user reappears in the directory, the user will be available again with their previously configured settings.
- Click the Next button in the bottom right corner to continue.
- In step 3 of the wizard, you are able to configure the scope of user account synchronization within your domain. By default, Synchronize all users is selected. You may accept this default, Choose specific OUs, or you may choose Enter OU manually.
- In order to prevent synchronization of service accounts, we recommend you either choose the OUs that you want to synchronize, or you enter them manually. Do this, and click the Next button to continue.
- In step 4 of the wizard, you are able to configure group synchronization from your domain. By default, Synchronize all groups is selected. You may also choose to synchronize groups from the OUs that were specified for users, choose specific OUs, enter the OUs manually, or skip group synchronization altogether.
Make an appropriate selection and configure as necessary. Click the Next button to continue.
- The wizard is nearly complete. Please review the summary of configuration information provided in step 4 to make sure the settings are accurate. Note that an Identity Provider (IdP) is created for authentication/logon and an automation task is set to synchronize the users.
Click the Finish button to confirm the configuration, finalize all settings and return to the Configuration Overview page.
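
Before choosing OUs in step 3, it helps to check which accounts under a candidate OU look like service accounts. The following is an added example, not HelloID code: it runs on a constructed export of directory users, and the field names and the service-account heuristic (an SPN is set, or the password never expires) are assumptions.

```python
# Added example: preview which accounts a step-3 OU selection would bring in.
# SAMPLE_USERS is constructed data; field names are assumptions, not a HelloID format.
SAMPLE_USERS = [
    {"dn": r"CN=Smith\, John,OU=Staff,OU=Users,DC=example,DC=local", "spn": "", "pwd_never_expires": False},
    {"dn": "CN=Jane Doe,OU=Staff,OU=Users,DC=example,DC=local", "spn": "", "pwd_never_expires": False},
    {"dn": "CN=svc-backup,OU=Staff,OU=Users,DC=example,DC=local", "spn": "", "pwd_never_expires": True},
    {"dn": "CN=sql01,OU=Service Accounts,DC=example,DC=local",
     "spn": "MSSQLSvc/sql01.example.local:1433", "pwd_never_expires": True},
]


def split_rdns(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip().lower() for p in parts]


def in_scope(user_dn, ou_dns):
    """True if the user sits in, or below, any selected OU."""
    user = split_rdns(user_dn)[1:]  # drop the user's own CN
    for ou in map(split_rdns, ou_dns):
        if len(user) >= len(ou) and user[-len(ou):] == ou:
            return True
    return False


def preview_scope(users, ou_dns):
    """Return (DNs that would sync, subset that looks like service accounts)."""
    synced = [u for u in users if in_scope(u["dn"], ou_dns)]
    # Heuristic (assumption): an SPN or a never-expiring password suggests a service account.
    flagged = [u["dn"] for u in synced if u["spn"] or u["pwd_never_expires"]]
    return [u["dn"] for u in synced], flagged


if __name__ == "__main__":
    synced, flagged = preview_scope(SAMPLE_USERS, ["ou=staff,OU=Users,DC=example,DC=local"])
    print(len(synced), "accounts in scope; review before syncing:", flagged)
```

Any account in the flagged list is a candidate to move to a dedicated OU, or a reason to narrow the OU selection, before the first synchronization runs.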