The provisioning module of HelloID allows you to manage your organization's account lifecycle within HelloID. It connects one or more source systems—such as a Human Resources database—to a myriad of target systems—such as Active Directory.
The provisioning process works as follows:
- You add one or more source systems, which are the systems of record which hold your organization's personnel data.
- Persons records are created by importing the personnel data from your source system(s). Each Person record corresponds to a real-world person in your organization. Imports can be performed manually, or automatically on a regular schedule.
- You then create business rules, add rule conditions and configure those rule conditions. This combination of business rules and rule conditions specifies the appropriate entitlements (also see: working with entitlements) which Persons should receive. Possible entitlements include target system accounts, target system account access, target system group membership, and custom entitlements (aka Permissions).
- Note that target system accounts and groups are not necessarily HelloID user accounts or groups. They may be—for example if the IdP synchronized with your HelloID user directory is also your target system. But any supported target system may be used, including those which are not otherwise connected to HelloID.
- Entitlements are previewed and ultimately granted during the business rule evaluation and enforcement processes, respectively. As with imports, enforcement may be done manually and/or on a regular schedule. During enforcement, changes are saved into the target system(s).
Like other modules in HelloID, provisioning is tightly integrated with PowerShell to allow maximum flexibility and extensibility.
The Provisioning Dashboard
To access the provisioning dashboard, select the person icon in the top menu bar of the HelloID administrator dashboard:
Here, you get an overview of the entire provisioning module. It is split up into four distinct areas that allow you to configure every aspect of your organization's provisioning process.
- Source Systems
Learn about source systems here.
Learn about Persons here.
- Business Rules
Learn about business rules here.
- Target Systems
Learn about target systems here.
In order to create and manage accounts, HelloID needs to be connected to a target system, such as Active Directory. This section allows you to create connections to your desired target systems, either by selecting a pre-made connector from the library, or by using a generic PowerShell target for more custom situations.