Click here to sign up for our mailing list
Hello and welcome to this HelloID Provisioning product release video for February 2020.
HelloID Provisioning is an 100% born in the cloud, easy the configure and to maintain user provisioning solution. It helps organisations to fully automate the user life cycle management in the network by connecting the HR or SIS as a source system. Every change in this source is detected and processed into the network. No worries anymore about stale user accounts, accumulation of licences or access rights, manual user management or compliancy issues.
In this video I first I’d like to start with a PowerPoint presentation and then demo you the new functionalities.
So we have two items. We have an option now to delete business rules, and the option to keep them managed or unmanaged, I will show you how this works in a minute.
And now we are very proud that we also have the Powershell target connector, in the previous release from January we had the source connector Powershell and now we have the target system. You basically now have full flexibility to connect any system as source or as target to HelloID.
Delete a business rule
So, let me demo this new functionality to you and I will start with the new option to delete a business rule. So here I’m in the provisioning section of the portal, and here in the business rules you have the new option delete a business rule. If you click delete you have two options: you can say that you want to delete and revoke, so if you delete a business rule all the entitlements that are connected to the business rule will also be revoked from users in the network, or delete the rule and nothing happens, only the rule will be deleted in HelloID and no entitlements will be revoked from users. So no change for the users in the network.
So let me demo both options. I have two business rules, one for Visio groups that’s applicable for this group of users, and I have a set of entitlements for Adobe products. So let me delete the Visio Business Rul, and I will delete and revoke. So the users in scope should be removed from the Visio group.
and for Adobe I will only say I want to delete and keep them unmanaged. So the adobe group should be untouched.
If I go to evaluation, run the enforcement, you can see that the Visio groups will be removed but there is no real action for the Adobe groups and that’s exactly what I want to accomplish.
I can also go to the active directory, and if I go to a particular user you will see that the Adobe memberships are still on the user but the Visio groups have been removed.
Powershell target connector
Okay, so let me go to the other option I’d like to show you, that’s a very big one and it’s part of the target systems, now we have a new target system connector and that is Powershell and it basically gives you a lot of flexibility. You can now connect any system you like.
So this option is new, you already had these two but this is a new option. So I already pre-configured a Powershell connector and this connector is basically exporting information and updating information in a CSV file. So here you have the option available to have complete use of life cycle management in any system you like, and here you can specify how you want to create and delete the account, enable, disable, and to update an account on changes in, for example, the HR system.
You also have the options available which you’re already familiar with, you have thresholds, email notifications if an account is being created, and a full audit option.
But this is the most interesting section, here you can specify what needs to be happening if a new user is created in the identity vault, than this option is going to be executed. So here you can click on configure, and here I have the Powershell script and in this script in this particular example I am creating a new user in a CSV file but I can do basically anything I like with Powershell. I’ve got the person record from the HelloID vault and with that information I can create a full account, in this example in a CSV file but I can also do it in a web API or in a database or whatever target system is compatible with Powershell.
Here I a powerful preview option., I can see if the effect is okay, so I can search for one user and click here on preview. The preview option gives me an overview if the information from the vault is actually being executed correctly in the target system. It gives be an easy option to validate if my powershell script is working okay and a simple option to debug my script.
Of course I can make modifications to the Powershell script and I can see the immediate effect in the preview, so suppose I want to update the account reference, I click on preview again and you can see that here the account has been updated with the change I made here, so you see the immediate effect of the changes I make in the Powershell script.
Okay, so let me demo this from the HR system all the way down to the CSV file. First I’d like to show you the end result CSV file, this file is being managed by HelloID, via the target of the Powershell connector I just showed you. I can search for myself, Tjeerd, and here you can see that I my jobtitle is a systems consultant working on the administration department, and this is my manager. My account is disabled, it’s false. So what I will do in the HR system is change my department, my manager, and I will change a business rule so that my account will be enabled, and I’ll also create a new user: John Smith. I only have one Smith, it’s Joe Smith, I will generate John Smith. So let me switch to the HR system, run the provisioning evaluation, I see what the effect is of the Powershell connector.
So this is the HR system and it is not part of HelloID. First I’ll make a modification to myself, change the department, now it’s administration but I will change it to ICT, and my manager is going to be Amir. Save this. Let me also create the new user, John Smith, who was not yet available in the CSV file. I will make him part of the ICT department as well, in the role of a software consultant, he’ll be a fulltime employee and the manager will be Amir Atkinson.
So now let me switch over back to HelloID. I’ll go back to the source system, I have 66 people, I’ll start import and Tjeerd Seinen will be updated and John Smith will be added, so now we’re up to 67. Here it is, now I’ll look into the vault to see whether everything has been updated correctly. So Tjeerd is no longer a member of the administration department but instead a member of the ICT department and Amir Atkinson is the manager, and I can also look for John. Here is John Smith, member of the ICT department and the manager is Amir. I can also change the business rules, I want to enable the account in the on premise powershell connector in the CSV file, so here I also have the option in Powershell to say Account Access, so the disabled false state will be changed to enabled, shown as TRUE. Now I can run the evaluation. The accounts will be updated, so Tjeerd Seinen will be updated and John Smith will be created, and the accounts will be set to true.
So let me switch back to the CSV file that’s being managed by the Powershell connector. I can look for Tjeerd and Tjeerd is updated to the ICT department and the manager is Amir, which has also been updated by the Powershell connector, and the account is set to enabled, to true. I can also look for John, but that account needs to be created or inserted into the CSV file, and here it shows John has the same department and manager.
I think this is a very powerful option to HelloID where you basically can connect any target system.
This is the end of this video. Thank you for your time and attention.
Please let us know if you have any additional questions. You can post your question in youtube or send it to firstname.lastname@example.org. Please subscribe to our channel to receive frequent updates about improvements and changes in HelloID.
For now have a wonderful day.