Skip to main content

HelloID

Rights reference

Tip

When you're first getting started with HelloID, you should Add an "All Rights" role for your Administrator account.

Important

Users and admins must log out and back into HelloID for changes in roles & rights to take effect.

Provisioning

Rights related to Provisioning.

Provisioning - Manage

Access to the Provisioning module.

Recertification

Rights to Recertification on the User dashboard

Recertification - Insights

Ability to view Recertification Insights

Recertification Management

Rights related to Recertification management on the Admin dashboard

Recertification Management - View campaigns

Ability to view a Recertification campaign

Recertification Management - Manage campaigns

Ability to manage a Recertification campaign

Recertification Management - Start new campaign iteration

Ability to Start a new Recertification Campaign iteration

Elastic Reports

Rights related to Audit logs.

Granting access to audit logs requires additional steps beyond enabling these rights. Follow the instructions in Grant access to audit logs.

Elastic Reports - View

Access to Audit logs.

Elastic Reports - Edit

Ability to Create a custom report.

Manage Second Factors

Rights related to 2FA and OATH.

Prerequisite: Admin Dashboard - Overview.

Manage Second Factors - Manage

Access to Security > 2FA > Management on the Admin dashboard.

Manage Second Factors - Configure

Ability to enable/disable factor types in Security > 2FA > Management, and access to Security > 2FA > OATH Tokens.

Data Source Management

Rights related to Data sources.

Prerequisite: Admin Dashboard - Overview.

Data Source Management - Overview

Access to Self Service > Data Sources on the Admin dashboard.

Data Source Management - Create

Ability to Add a PowerShell data source, Add a static data source, Add a native data source.

Data Source Management - Edit

Ability to Edit a PowerShell data source, Edit a static data source, Edit a native data source.

Data Source Management - Delete

Ability to Remove a PowerShell data source, Remove a static data source, Remove a native data source.

Approval Workflow

Rights related to Approval workflows.

Prerequisite: Admin Dashboard - Overview.

Approval Workflow - Overview

Access to Self Service > Approval Workflows on the Admin dashboard.

Approval Workflow - Create

Ability to Add an approval workflow.

Approval Workflow - Edit

Ability to Edit an approval workflow.

Approval Workflow - Delete

Ability to Remove an approval workflow.

Forms Management

Rights related to Dynamic forms.

Prerequisite: Admin Dashboard - Overview.

Forms Management - Overview

Access to Self Service > Forms on the Admin dashboard.

Forms Management - Create

Ability to Add a dynamic form.

Forms Management - Edit

Ability to Edit a dynamic form.

Forms Management - Delete

Ability to Remove a dynamic form.

Servicedesk

Rights related to the Servicedesk.

Servicedesk - Overview

Access to the Servicedesk on the User dashboard.

Self Service Administration

Rights related to Product administration.

Prerequisites: Admin Dashboard - Overview, Self Service Catalog Management - Overview Products.

Self Service Administration - Overview

Access to Self Service > Administration on the Admin dashboard.

Self Service Administration - Assign

Ability to Assign a product.

Self Service Administration - Return

Ability to Revoke a product.

Self Service Administration - Approve

Ability to Approve a product request.

Self Service Administration - Deny

Ability to Deny a product request.

Delegated Forms Management

Rights related to Delegated forms, Activities, and Delegated form categories.

Prerequisite: Admin Dashboard - Overview.

Delegated Forms Management - Overview

Access to Delegation > Delegated Forms and Delegation > Activities on the Admin dashboard.

Delegated Forms Management - Create

Ability to Automatically import a pre-defined delegated form and Add a custom delegated form.

Delegated Forms Management - Delete

Ability to Remove a delegated form.

Delegated Forms Management - Edit Form Groups

Ability to Grant a group access to a form.

Delegated Forms Management - Edit Form Categories

Ability to Link a form to a category.

Mapping Set

Rights related to IdP mapping sets.

Prerequisite: Admin Dashboard - Overview.

Mapping Set - Overview

Ability to view IdP mapping sets.

Mapping Set - Edit

Ability to Customize IdP mappings.

Mapping Set - Delete

Ability to remove IdP mapping sets.

Directory Settings

Rights related to ?

Directory Settings - Overview

Directory Settings - Create

Directory Settings - Edit

Directory Settings - Delete

Notifications

Rights related to Notification settings.

Prerequisite: Admin Dashboard - Overview.

Notifications - Overview

Access to Settings > Notifications on the Admin dashboard.

Notifications - Edit

Ability to Edit a notification.

Notifications - Add

Ability to Add a notification. Prerequisite: Notifications - Edit.

Notifications - Delete

Ability to Remove a notification.

Notifications - Show On Dashboard

Ability to see exposed notifications on the User dashboard (intended for users; in this case, do not assign the Admin Dashboard - Overview right).

Application Category

Rights related to Application categories.

Application Category - Overview

Access to Applications > Categories on the Admin dashboard.

Application Category - Edit

Ability to Edit an application category.

Application Category - Add

Ability to Add an application category.

Application Category - Delete

Ability to Remove an application category.

Application Category - Add To Group

Ability to Link a category to a group.

Application Category - Remove From Group

Ability to unassign a group from an application category.

Application Category - Add Applications

Ability to Link a category to an application.

Application Category - Remove Applications

Ability to unassign an application from a category.

Automation

Rights related to Tasks.

Prerequisite: Admin Dashboard - Overview.

Automation - Task Overview

Access to Automation > Tasks on the Admin dashboard.

Automation - Edit/Create Task

Ability to Edit a scheduled task.

Automation - Delete Task

Ability to Remove a scheduled task.

Automation - Schedule Overview

Access to the Schedules tab of scheduled tasks.

Automation - Edit/Create Schedule

Ability to add and edit schedules on the Schedules tab of scheduled tasks.

Automation - Delete Schedule

Ability to remove schedules on the Schedules tab of scheduled tasks.

Automation - Run Task Now

Ability to Manually run a scheduled task.

Automation - Task History Overview

Access to Automation > Task History on the Admin dashboard (View task run history).

Automation - View Console Output

Automation - Add Task From Catalog

Ability to Add a scheduled task.

Automation - Overview Events

Deprecated.

Automation - Edit Events

Deprecated.

Automation - View Task Input Variables

Access to the Input Variables tab (see View task run history).

Self Service Request History

Rights related to product request history (see View product request history).

Prerequisite: Admin Dashboard - Overview.

Self Service Request History - Overview

Access to Self Service > Request History on the Admin dashboard (View product request history).

Self Service Request History - Mark Action As Succeeded

Ability to Mark a product task as succeeded.

Self Service Request History - Retry Action

Ability to click Retry for product tasks.

Self Service User Management

Rights related to Products for managers.

Self Service User Management - User Overview

Access to Management > Managed Users on the User dashboard.

Self Service User Management - User Report

Ability to Report errors to IT.

User Categories

Rights related to ?

User Categories - Add Category

User Categories - Delete Category

User Categories - Add To Category

User Categories - Remove From Category

Variables

Rights related to Variables.

Prerequisite: Admin Dashboard - Overview.

Variables - View Variables

Access to Automation > Variable Library on the Admin dashboard.

Variables - Edit Variables

Ability to Add a custom variable and Edit a custom variable.

Variables - Delete Variables

Ability to Remove a custom variable.

PowerShell

Rights related to PowerShell script templates that you create in Automation > PowerShell Scripts (not recommended and not documented; see PowerShell scripts).

Prerequisite: Admin Dashboard - Overview.

PowerShell - Overview

Access to Self Service > PowerShell Scripts on the Admin dashboard.

PowerShell - Edit

Ability to edit PowerShell script templates.

PowerShell - Create

Ability to add PowerShell script templates.

PowerShell - Delete

Ability to remove PowerShell script templates.

Self Service Catalog Management

Rights related to Products.

Prerequisite: Admin Dashboard - Overview.

Self Service Catalog Management - Overview Products

Access to Self Service > Products on the Admin dashboard. Prerequisite: Self Service Management - Overview

Self Service Catalog Management - Edit Product

Ability to Edit a product, except for the Risk Factor.

Self Service Catalog Management - Create Product

Ability to Add a product.

Self Service Catalog Management - Delete Product

Ability to Remove a product.

Self Service Catalog Management - Overview Categories

Access to Self Service > Categories on the Admin dashboard.

Self Service Catalog Management - Edit Category

Ability to Edit a product category.

Self Service Catalog Management - Create Category

Ability to Add a product category.

Self Service Catalog Management - Delete Category

Ability to Remove a product category.

Self Service Catalog Management - Add Product To Group

Ability to Link a product to a group.

Self Service Catalog Management - Remove Product From Group

Ability to unassign a product from a group.

Self Service Catalog Management - Add Category To Group

Ability to Link a category to a group.

Self Service Catalog Management - Remove Category From Group

Ability to unassign a group from a product category.

Self Service Catalog Management - Clone Product

Ability to Clone a product.

Self Service Catalog Management - Edit Risk Factor

Ability to edit a product's Risk Factor. Prerequisite: Self Service Catalog Management - Edit Product.

Self Service User

Rights related to Products for users on the User dashboard.

Self Service User - Product Overview

Ability to view requestable products in Service Automation > Self Service Products and Service Automation > Self Service Categories.

Self Service User - Request Overview

Ability to Request a product (user dashboard) and View products and requests.

Self Service User - Revoke

Self Service User - Return

Ability to Return a product.

Self Service User - Remind

Ability to Send Reminder for requests that are Pending Approval in View products and requests.

Self Service User - Report Request Failed

Self Service User - Report No Approvers Available For Request

Ability to Send A Notification To Your Service Desk in View products and requests for requests that have no designated responders.

Self Service Management

Rights related to Products for product owners and Designated responders on the User dashboard.

Prerequisite: Self Service User - Product Overview.

Self Service Management - Overview

Access to Management > Managed Products on the User dashboard.

Self Service Management - Approve/Deny

Ability to Respond to a request.

Self Service Management - Delete

Self Service Management - Change Owner

Self Service Management - Return User Product

Self Service Management - Request On Behalf

Ability to Request an owned product on behalf.

Self Service Management - Return On Behalf

Ability to Return an owned product on behalf.

Self Service Management - Detailed View

Ability to View Details in View owned products.

Self Service Management - Report Request Failed

 

Self Service Management - Configure Delegated Approver

Ability to Delegate response duties.

AD Connector

Rights related to ?

AD Connector - Overview

AD Connector - Edit

AD Connector - Create

AD Connector - Delete

Admin Dashboard

Rights related to the Admin dashboard.

Admin Dashboard - Overview

Access to the Admin dashboard. This right is a prerequisite to all other rights involving the admin dashboard.

API Access

Rights related to the Generate an API key screen.

Prerequisite: Admin Dashboard - Overview.

API Access - Overview

Access to Security > API on the Admin dashboard.

API Access - Edit

Ability to edit a generated API key.

API Access - Create

Ability to Generate an API key.

API Access - Delete

Ability to remove a generated API key.

Applications

Rights related to Applications.

Prerequisite: Admin Dashboard - Overview.

Applications - Overview

Access to Settings > Applications on the Admin dashboard.

Applications - Edit

Ability to Edit an application, except for the Credentials tab.

Applications - Add

Ability to Add an application from the catalog.

Applications - Delete

Ability to Remove an application.

Applications - Credentials

Ability to Set credential source. Prerequisite: Applications - Edit.

Applications - Request

 

Application Access Rules

Rights related to Application access rules.

Prerequisite: Admin Dashboard - Overview.

Application Access Rules - Overview

Access to Settings > Policies > Application Access Rules on the Admin dashboard.

Application Access Rules - Edit

Ability to Edit an application access rule.

Application Access Rules - Create

Ability to Add an application access rule.

Application Access Rules - Delete

Ability to Remove an application access rule.

Certificates

Rights related to Certificates settings.

Prerequisite: Admin Dashboard - Overview.

Certificates - Overview

Access to Settings > Certificates on the Admin dashboard.

Certificates - View

Ability to View a certificate.

Certificates - Create

Ability to Generate a self-signed certificate.

Certificates - Delete

Ability to Remove a certificate.

Certificates - Import

Ability to Import a certificate.

Groups

Rights related to Groups.

Prerequisite: Admin Dashboard - Overview.

Groups - Overview

Access to Directory > Groups on the Admin dashboard.

Groups - Edit

Ability to Edit a group.

Groups - Create

Ability to Add a local group.

Groups - Delete

Ability to Remove a group.

Groups - Add Users

Ability to Link a group to a user.

Groups - Delete Users

Ability to unassign a user from a group.

Groups - Add Applications

Ability to Grant a group access to an application.

Groups - Delete Applications

Ability to unassign an application from a group.

Groups - Add Integrations

Groups - Delete Integrations

Groups - Add Groups

Ability to Link a group to a group.

Groups - Delete Groups

Ability to unassign a group from a group.

Dashboard

Rights related to the User dashboard.

All users assigned to the User system role have all Dashboard rights.

Dashboard - Index

Access to the User dashboard.

Dashboard - Update Language

Ability to Change language.

Dashboard - Edit Profile

Ability to Update user profile, except for the Icon field.

Dashboard - Change Password

Ability to Change password.

Dashboard - Change Icon

Ability to update the Icon field in Update user profile. Prerequisite: Dashboard - Edit Profile.

Identity Providers

Rights related to Identity providers (IdPs).

Prerequisite: Admin Dashboard - Overview.

Identity Providers - Overview

Access to Security > Authentication > Identity Providers on the Admin dashboard.

Identity Providers - Edit

Ability to Edit an IdP.

Identity Providers - Create

Ability to Add an IdP.

Identity Providers - Delete

Ability to Remove an IdP.

Integrations

Rights related to ?

Integrations - Overview

Integrations - Edit

Integrations - Create

Integrations - Delete

Integrations - Credentials

Login Access Rules

Rights related to Portal access rules.

Prerequisite: Admin Dashboard - Overview.

Login Access Rules - Overview

Access to Security > Policies > Portal Access Rules on the Admin dashboard.

Login Access Rules - Edit

Ability to Edit a portal access rule.

Login Access Rules - Create

Ability to Add a portal access rule.

Login Access Rules - Delete

Ability to Remove a portal access rule.

Agents

Rights related to Agent.

Prerequisite: Admin Dashboard - Overview.

Agents - Overview

Access to Agents on the Admin dashboard.

Agents - Edit

Ability to Edit an Agent Pool.

Agents - Create

Ability to Add an Agent Pool and Install an on-premises Agent.

Agents - Delete

Ability to Remove an Agent Pool and Remove an Agent.

Agents - Shutdown

Ability to Shut down an Agent.

Reporting

Rights related to Report spaces and Scheduled reports.

Prerequisite: Admin Dashboard - Overview.

Reporting - View

Access to Insights on the Admin dashboard.

Reporting - Add Report To Group

Reporting - Remove Report From Group

Reporting - Scheduled Reports Overview

Access to Insights > Scheduled Reports on the Admin dashboard.

Reporting - Create Scheduled Report

Ability to Add a scheduled report.

Reporting - Edit Scheduled Report

Ability to Edit a scheduled report.

Reporting - Delete Scheduled Report

Ability to Remove a scheduled report.

Roles

Rights related to Roles.

Prerequisite: Admin Dashboard - Overview.

Roles - Overview

Access to Security > Roles on the Admin dashboard.

Roles - Edit

Ability to Edit a role.

Roles - Create

Ability to Add a role.

Roles - Delete

Ability to Remove a role.

Roles - Clone

Ability to Clone a role.

Roles - Edit Role Members

Ability to Link a role to a user and/or Link a role to a group.

Settings

Rights related to Settings.

Prerequisite: Admin Dashboard - Overview.

Settings - Appearance

Access to Appearance settings.

Settings - Logging

Access to Logging settings, except for Log Retention settings.

Settings - Device Authentication

Access to Security > Mobile App Security on the Admin dashboard.

Settings - Language

Access to Language settings.

Settings - Password Self Service

Access to Password self service.

Settings - Login Settings

Access to Sign-on policies.

Settings - Password Policies

Access to Password policies.

Settings - Logging Retain Duration

Access to Log Retention settings in Logging settings. Prerequisite: Settings - Logging.

Settings - Company Settings

Access to Company settings.

SMS Configuration

Rights related to SMS.

Prerequisite: Admin Dashboard - Overview.

SMS Configuration - Overview

Access to Security > Authentication > SMS on the Admin dashboard.

SMS Configuration - Edit

Ability to Edit an SMS config except for the Provider.

SMS Configuration - Create

Ability to Add an SMS config except for the Provider.

SMS Configuration - Delete

Ability to Remove an SMS config.

SMS Providers

Rights related to SMS.

Prerequisites: Admin Dashboard - Overview, SMS Configuration - Overview, SMS Configuration - Create/Edit.

SMS Providers - Overview

Ability to change the Provider of an SMS configuration.

SMS Providers - Edit

Ability to edit the Provider of an SMS configuration.

RADIUS Servers

Rights related to RADIUS.

Prerequisite: Admin Dashboard - Overview.

RADIUS Servers - Overview

Access to Security > Authentication > RADIUS on the Admin dashboard.

RADIUS Servers - Edit

Ability to Edit a RADIUS config.

RADIUS Servers - Create

Ability to Add a RADIUS config.

RADIUS Servers - Delete

Ability to Remove a RADIUS config.

Users

Rights related to Users.

Prerequisite: Admin Dashboard - Overview.

Users - Overview

Access to Directory > Users on the Admin dashboard.

Users - Edit

Ability to Edit a user.

Users - Create

Ability to Add a local user.

Users - Delete

Ability to Remove a user.

Users - Reset Password

Ability to Change a user's password.

Users - Edit Credentials

Ability to Edit a user's credential set.

Users - Show User Cards

 

Users - Reset Second Authentication Factor

Ability to Reset a user's 2FA (dynamic 2FA).