Pricing

Articles in this section

See more

How to configure and manage target systems

  • Updated:

Introduction

After you've added a target system, you will need to make some configuration changes. These changes affect how data from HelloID is written to the target system. This article will cover common configuration and management options that are found in multiple types of target systems. For information about a specific system, please see the other articles in this section or use the search functionality.

Manage a target system

On the Target Systems Overview, find the target system that you wish to configure and select its wrench icon. This will take you to the configuration screen for that system.

mceclip0.png

The configuration screen is split up into several tabs, as shown below. You can make changes in any of the tabs to affect how HelloID interacts with the target system. When you have finished, select the Save button to confirm your changes.

mceclip2.png

Common target system tabs

General

This tab allows you to update the name and description of the target system.

Some target systems will also show connection details under this tab, such as the Microsoft Active Directory target system connector.

The on-premise Active Directory target system and PowerShell target system have an Agent configuration option on this tab. See Agent configuration for on-premise systems.

Entitlements

Within the Entitlements tab, you can see a list of all business rules that contain entitlements for this target system. The icons to the right of the rule name indicate which entitlement types the rule contains: account, account access, group membership, or permission. You may edit any one of the rules by selecting its wrench icon.

mceclip0.png

Thresholds

The Thresholds tab lets you automatically block entitlement grants, updates, or revokes, when the number of modified entitlements exceeds a specified value. When an enforcement occurs for a target system, the pending activity is compared to the last enforcement for the same target system. If the amount of activity exceeds the threshold, the enforcement is blocked until manually approved. In this way, thresholds are safety nets. They reduce the likelihood of a major mistake in the provisioning process if an enforcement contains bad data or no data.

2021-01-21_11-59-06.png

You can set Grant and Revoke thresholds for each entitlement type supported by your current target system. Depending on the system type, this will include some or all of: Account, Account Access, Permission, and Dynamic Permission.

Note that Permission thresholds encompass "Permission" type entitlements as shown in Business Rules > Rules, as well as "Group Membership" type entitlements:

2021-01-21_12-34-01.png

Additionally, you can set Update thresholds for the Account and Dynamic Permission entitlement types. (Account Access and Permission entitlements don't have an update stage and therefore don't have a corresponding threshold setting.)

Thresholds can be specified in absolute/count or relative/percentage terms and are triggered on an equal-to-or-greater-than basis. If you set both absolute and relative thresholds, they are evaluated with OR logic.

When a threshold is triggered during an enforcement, warnings are shown on the Business Rules > Entitlements screen:

mceclip4.png

To manually approve a Blocked enforcement, select the blue arrow button and select the Yes button on the confirmation dialog box:

mceclip5.png

mceclip6.png

Note that thresholds are triggered before any entitlements are written to a target system. For example, if an addition threshold is set to 10 entitlements and the import adds 100 entitlements, zero entitlements will be written to the target system (rather than 10 entitlements being added and the remaining 90 being blocked).

Audit Logs

Within this tab, you can view and search all activity that HelloID has taken within the target system.

2020-12-16_13-28-03.png

Export a report

Select the Export 2020-12-16_11-39-29.png button to download a CSV report.

Force update accounts

If you make changes within a target system (e.g., to attribute mappings), the Force Update Account(s) feature immediately writes them into the target system. In the case of a modified attribute mapping or similar settings change, no Person data has been modified, and thus the changes won't be written during an enforcement. This feature provides the workaround.

2021-02-19_15-03-20.png

To confirm, select the Force update button. HelloID will begin updating accounts within the target system. Updates are only made to target accounts which HelloID has granted. Any accounts not granted by HelloID (e.g., manually created accounts, service accounts, etc.) will not be touched.

2021-02-19_15-03-54.png

Delete a target system

If you no longer need or want a target system in HelloID, you may remove it. On the Target Systems Overview, find the system that you want to delete and click its trashcan button.

mceclip0.png

You will be asked to confirm the deletion of the target system. If you are sure, click Delete to confirm the removal. Note that removing a target system will also remove its entitlements from any configured business rules. Any entitlements that have already been granted will become unmanaged.

mceclip1.png

Was this article helpful?
0 out of 0 found this helpful
Please visit our website for more information about HelloID (identity as a service).
Return to top