HelloID

Add an Active Directory configuration

For more information, see AD sync.

Note

Prerequisite: Install Agent on a server in your network that has HTTPS access and is not a domain controller.

  1. Go to Directory > Active Directory and click Create Configuration.

  2. Select the Agent Pool which contains the Agent you installed.

    For this example, we'll select our Demo Lab Agent Pool.

  3. Click Next.

  4. Select the services that you want this directory configuration to handle.

    Authentication

    An AD Agent IdP will be created, to let users log into HelloID via AD.

    Synchronization

    An Active Directory synchronization task will be created, to regularly sync AD accounts and groups to HelloID Users and Groups.

    • Start Sync Now: Run the AD sync task immediately after this configuration is created.

    • Allow Deletion: The AD sync task will be allowed to soft delete users and groups from HelloID when they have been deleted in AD. See Soft deleted users.

      • Enable Deletion Threshold / Deletion Threshold: Provides a safeguard against the accidental mass deletion of HelloID users and groups when the AD sync task runs. If the percentage of users or groups that will be deleted exceeds this value, all deletions will be canceled instead. By default, this safeguard is set to 10%.

      • Enable User Hard Delete: The AD sync task will hard delete users instead of soft deleting them. See Hard deleted users.

  5. Click Next.

  6. Select the user sync scope within your AD domain.

    Synchronize All Users

    Sync all users from all OUs.

    Choose Specific OUs

    Only sync users from specified OUs.

    Enter OU Manually

    Only sync users from a single specified OU.

    Caution

    To prevent synchronizing service accounts, we recommend not using Synchronize All Users.

    For this example, we'll select the Choose Specific OUs option and select our docs OU.

  7. Click Next.

  8. Select the group sync scope within your AD domain.

    Synchronize All Groups

    Sync all groups from all OUs.

    Synchronize Groups From The Same OUs As Specified For Users

    Use the same OUs from the user sync scope.

    Choose Specific OUs

    Only sync groups from specified OUs.

    Enter OU Manually

    Only sync groups from a single specified OU.

    Do Not Synchronize Groups

    Do not sync any groups from AD.

    For this example, we'll select the Synchronize Groups From The Same OUs As Specified For Users option.

  9. Click Finish.

    If you enabled the Start Sync Now toggle, the AD sync task will run for the first time, and sync AD users and groups from the selected OUs into HelloID Users and Groups.

    If you didn't enable the Start Sync Now toggle, you can start the Active Directory synchronization task yourself. See Manually run a scheduled task.

  10. Customize this IdP. See AD Agent IdP and IdP settings reference.

  11. Customize the Active Directory mapping set.


Users synced from AD (see Synced users) will now be able to log into HelloID via the AD IdP.

Users and groups will be regularly synchronized from AD into HelloID according to the schedule set on the Active Directory synchronization task.
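
The caution in step 6 about service accounts can be checked before you choose a user sync scope. The following PowerShell is an added example, not part of the HelloID product or its documentation: it flags accounts in a candidate OU that look like service accounts. The function name Find-LikelyServiceAccount, the three heuristics (SPN set, non-expiring password, svc/sa name prefix) and the OU=docs,DC=example,DC=test path are assumptions.

```powershell
# Added example: flag likely service accounts in a candidate user sync scope.
# The heuristics are assumptions for illustration, not HelloID's own logic.
function Find-LikelyServiceAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        # Hypothetical naming convention; adjust to your environment.
        [string]$NamePattern = '^(svc|sa)[-_.]'
    )
    process {
        $reasons = @()
        # Accounts with a service principal name usually run a service.
        if (@($User.ServicePrincipalName | Where-Object { $_ }).Count -gt 0) {
            $reasons += 'HasSPN'
        }
        if ($User.PasswordNeverExpires) { $reasons += 'PasswordNeverExpires' }
        if ($User.SamAccountName -match $NamePattern) { $reasons += 'NamePattern' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName    = $User.SamAccountName
                DistinguishedName = $User.DistinguishedName
                Reasons           = $reasons -join ','
            }
        }
    }
}

# Constructed sample objects shaped like Get-ADUser output (not real accounts).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'j.doe'
        DistinguishedName = 'CN=J Doe,OU=docs,DC=example,DC=test'
        ServicePrincipalName = @(); PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'svc-backup'
        DistinguishedName = 'CN=svc-backup,OU=docs,DC=example,DC=test'
        ServicePrincipalName = @(); PasswordNeverExpires = $true }
    [pscustomobject]@{ SamAccountName = 'webapp01'
        DistinguishedName = 'CN=webapp01,OU=docs,DC=example,DC=test'
        ServicePrincipalName = @('HTTP/web01.example.test'); PasswordNeverExpires = $false }
)
$sample | Find-LikelyServiceAccount | Format-Table -AutoSize

# Against a live domain (needs the ActiveDirectory module), once per OU you plan to select:
# Get-ADUser -SearchBase 'OU=docs,DC=example,DC=test' -Filter * `
#     -Properties ServicePrincipalName, PasswordNeverExpires | Find-LikelyServiceAccount
```

Any account this reports should be moved to an OU outside the sync scope, or the scope narrowed, before the first sync runs.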