The Provisioning module of HelloID allows you to manage the account lifecycle for user accounts in your organization. It connects one or more source systems—such as a Human Resources database—to a myriad of target systems—such as Active Directory.
The provisioning process works as follows:
- You add one or more source systems, which are the systems of record which hold your organization's personnel data.
- Persons records are created by importing personnel data from your source system(s). Each Person record corresponds to a real-world person in your organization. Imports can be performed manually, or automatically on a regular schedule. After every import, the most recent dataset from each source system are automatically combined together into a single snapshot. The Provisioning engine always operates on the Persons in the most recent snapshot. The most recent snapshot always corresponds to the Persons listed in the Persons overview.
- You then create business rules, add rule conditions and configure those rule conditions. This combination of business rules and rule conditions specifies the entitlements (also see: working with entitlements) which Persons should receive. Possible entitlements include target system accounts, target system account access, target system group membership, and custom entitlements (aka Permissions).
- Entitlements are previewed and ultimately granted during the business rule evaluation and enforcement processes, respectively. As with imports, enforcement may be performed manually and/or regularly scheduled. During enforcement, changes are written into the target system(s).
Like other modules in HelloID, Provisioning is tightly integrated with PowerShell to allow maximum flexibility and extensibility.
HelloID Provisioning performs best when within the recommended Performance limits.
Grant access to the Provisioning module
Access to HelloID Provisioning is controlled by the Provisioning — Manage right:
To grant a user access to Provisioning (including your own administrator account), create a
Provisioning role with this right. Then assign the relevant account (or a user group containing the relevant account) to the role. The user must log out and in again to complete the process. See Create and manage roles & rights.
The Provisioning Dashboard
Note: Use the new Provisioning module
Access the HelloID Provisioning module by selecting the person icon as described below. Do not use the Provisioning link in the HelloID menu. The latter takes you to the legacy Provisioning system, which is deprecated.
To access the Provisioning dashboard, select the Provisioning icon in the top menu bar of the HelloID admin dashboard:
Here, you get an overview of the entire Provisioning module. It is split up into four distinct areas that allow you to configure every aspect of your organization's provisioning process: