The HelloID Agent comprises two different Windows services: the Directory Agent and the Provisioning Agent. This article will introduce you to the basic functionality of both services.
The HelloID Directory Agent service:
- Authenticates users into HelloID when using AD as the Identity Provider
- Synchronizes user accounts from AD
- Launches scripts and tasks that are associated with automated tasks, self-service requests, and delegated forms
The log files for the Directory Agent service can be found at:
The HelloID Provisioning Agent is responsible for all tasks associated with the Provisioning module of HelloID. This primarily involves retrieving data from source systems (e.g., HR and SIS databases) and using it to provision user accounts and permissions in target systems (e.g., Active Directory, G Suite, etc.).
The log files for the Provisioning Agent service can be found at:
All actions taken by the Directory Agent and Provisioning Agent services when performing the aforementioned tasks are done within the context of the assigned service accounts. This means you will need to give appropriate permissions to those accounts within your environment, depending on the tasks that they will perform. For example, if the services will be responsible for running tasks to create user accounts and add them to groups, their service accounts will need permissions to do so.
In addition, the service account of the HelloID Agent services should have local administrator rights on the server where they are installed. This facilitates the automatic upgrade feature of the services. Without local admin rights, the services will fail to update.