Creating a directory configuration requires a HelloID Agent and Agent Pool. If you do not already have these set up, please refer to this article before continuing.
Synchronizing your Active Directory data to HelloID is easy! Navigate to Directory > Active Directory to see an overview of the configurations within your organization's HelloID environment and to create a new configuration using the wizard.
How to Create a Configuration
- On the overview screen, click Create Configuration in the top right corner.
- In step 1 of the wizard, you must select the HelloID Agent Pool that will be responsible for this directory configuration. If you only have one agent pool, it will be selected by default. If you have multiple, you are free to choose the most appropriate pool for the job.
Select a pool and click Next to continue.
- Select the desired services that you wish this directory configuration to handle.
- Authentication: Allow users to log in to HelloID using their domain credentials.
- Synchronization: Synchronize users and groups from the domain into HelloID.
- If you have selected Synchronization, there are two additional toggles available during step 2.
- Start Sync Now: Enable this setting to begin synchronization immediately after creating the configuration.
- Allow User Deletion: If you enable this setting, users who are no longer present in the domain will be removed from HelloID as well.
- Enabling the Allow Deletion toggle will allow the admin to set a Deletion Threshold, which provides a safeguard against the accidental mass deletion of users. By default, this safeguard is set to 10%. Set the slider to the preferred percentage.
- Additionally, you may Enable User Hard-Delete. This configures the synchronization so that users are deleted from HelloID with no recovery option, including their settings. Leaving this toggle disabled results in a soft deletion: if the user reappears in the directory at the next synchronization, the user is available again with their previously configured settings.
- Click Next in the bottom right corner to continue.
- In step 3 of the wizard, you configure the scope of user account synchronization within your domain. By default, Synchronize all users is selected. You may accept this default, select Choose specific OUs, or select Enter OU manually.
- To prevent synchronization of service accounts, we recommend that you either choose the OUs that you want to synchronize or enter them manually. Make your selection and click Next to continue.
- In step 4 of the wizard, you are able to configure group synchronization from your domain. By default, Synchronize all groups is selected. You may also choose to synchronize groups from the OUs that were specified for users, choose specific OUs, enter the OUs manually, or skip group synchronization altogether.
Make an appropriate selection and configure as necessary. Click Next to continue.
- The wizard is nearly finalized. Please review the summary of configuration information provided in step 4 to ensure accuracy regarding the settings. Note that an Identity Provider (IdP) is created for authentication/logon and an automation task is set to synchronize the users.
Click Save to confirm the configuration, finalize all settings and return to the Configuration Overview page.
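
Before choosing OUs in step 3, it helps to know which accounts in the candidate OUs look like service accounts, so that they can be kept out of the synchronization scope. The PowerShell script below is an added example, not part of HelloID or its documentation; the OU names, the naming pattern and the three indicators are assumptions to adapt to your own domain.

```powershell
# Added example, not HelloID code. Uses Get-ADUser from the RSAT ActiveDirectory module.
# Assumptions: the OU names and the service-account naming pattern are placeholders.
$CandidateOUs = @('OU=Employees,DC=example,DC=com', 'OU=Contractors,DC=example,DC=com')
$NamePattern  = '^(svc|sa)[-_.]'

function Get-ServiceAccountIndicator {
    # Returns the reasons (possibly none) why an account looks like a service account.
    param($User, [string]$Pattern)
    $reasons = @()
    if ($User.ServicePrincipalName.Count -gt 0) { $reasons += 'HasSPN' }
    if ($User.PasswordNeverExpires)             { $reasons += 'PasswordNeverExpires' }
    if ($User.SamAccountName -match $Pattern)   { $reasons += 'NameMatch' }
    return $reasons
}

if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
    # Read every user object below each OU you plan to select in the wizard.
    $users = foreach ($ou in $CandidateOUs) {
        Get-ADUser -SearchBase $ou -SearchScope Subtree -Filter * `
            -Properties ServicePrincipalName, PasswordNeverExpires
    }
} else {
    # Constructed sample objects so the logic can be tried without a domain.
    $users = @(
        [pscustomobject]@{ SamAccountName = 'j.doe'; ServicePrincipalName = @()
            PasswordNeverExpires = $false; Enabled = $true
            DistinguishedName = 'CN=J Doe,OU=Employees,DC=example,DC=com' },
        [pscustomobject]@{ SamAccountName = 'svc-backup'; ServicePrincipalName = @()
            PasswordNeverExpires = $true; Enabled = $true
            DistinguishedName = 'CN=svc-backup,OU=Employees,DC=example,DC=com' },
        [pscustomobject]@{ SamAccountName = 'webapp01'; ServicePrincipalName = @('HTTP/web01.example.com')
            PasswordNeverExpires = $false; Enabled = $true
            DistinguishedName = 'CN=webapp01,OU=Contractors,DC=example,DC=com' }
    )
}

$report = foreach ($u in $users) {
    $reasons = @(Get-ServiceAccountIndicator -User $u -Pattern $NamePattern)
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName    = $u.SamAccountName
            Enabled           = $u.Enabled
            Reasons           = $reasons -join ','
            DistinguishedName = $u.DistinguishedName
        }
    }
}

$report | Sort-Object DistinguishedName | Format-Table -AutoSize
'{0} account(s) flagged for review' -f @($report).Count
```

Any OU that still contains flagged accounts is a candidate for a narrower selection, or for moving those accounts to a dedicated OU that is left out of the configuration.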