Intro
Hello and welcome to this HelloID Provisioning product release video for May 2020.
HelloID Provisioning is a 100% born-in-the-cloud user provisioning solution that is easy to configure and to maintain. It helps organisations to fully automate the user life cycle management in the network by connecting the HR or SIS as a source system. Every change in this source is detected and processed into the network. No worries anymore about stale user accounts, accumulation of licences or access rights, manual user management or compliance issues.
In this video I’d first like to start with a PowerPoint presentation and then demo the new functionalities.
Presentation
We have six new items in this release. We changed the behaviour of the manual start import button in the source connector. It used to be one sequence from import to creation of accounts. Since this release this is a two-step process. The first step is the import from the source system and the second step is executing the business rules, including the creation of accounts.
We also have two new notifications, one for the disable event and one for the enable event, and now we also have the option to sync iteration levels between name generation algorithms in a target system. It used to be disconnected but now there is the option to have one iteration level for all the naming conventions you are using. So, for example, now you have the option to make sure that the SAM account name is always the same as the e-mail address, even if there are duplicates in the network.
We also have the option to link accounts that are not correlated. You could already see the accounts that were not correlated (unlinked) but you had no option to link them. Now you can link the uncorrelated accounts.
The last option is the most advanced one. With this option you can pass account information from one target system to another target system. I have two extra slides to explain this mechanism.
Until this release there was basically a simple mechanism: you could import data from HR into the HelloID vault, and then you can pass information based on the business rules to, for example, an Active Directory target connector, and you could also execute a PowerShell target connector and create an account in an ECD.
So, suppose you want to have the UPN, for SSO purposes, in this ECD system. However, the generated UPN was not available for this target connector. This is the problem that we have fixed in this release.
Now you can pass information that has been created here to the vault and make it available here, and I’ll explain this in the next slide.
So now you have this situation where you can pass information back to the vault and you can do this per field, so in the person mapping in the target connector you can tick a box per field for which information you’d like to store in the person vault.
In the person browser you have an overview with which information is being passed from this connector to the person vault, and of course you can also see on a preview basis what information that is.
Per target connector you can specify what information you want to get from another connector, so you can create a dependency on the account created in the Active Directory in this target connector by setting this dependency. This also means that this target connector will be executed after this target connector, so first an account will be created in the Active Directory and then the target connector will be run so that the information is available in time for the target connector.
In the PowerShell script you can use this reference and it’s actually referencing to the same account name here. The good thing is that the PowerShell connector can pass information back to the HelloID vault where it can be used again, perhaps in another target connector.
'Start import' button
So let me start with the first item. This ‘start import’ normally did everything, so importing data from the source system and also executing the business rules, but now you have to do that in two steps. This makes it more safe and secure and you become more in control of the whole provisioning process. So now I’m importing data from the source system and I’ve actually found some new users, but then if I also want to create the new accounts, then I have to execute the evaluation here, I have to enforce it here. If I do that, you will see here that that’s the two-step process, and now you will also create the accounts for the newly imported users.
Enable and disable events
Other new items are the enable and disable events. I’ve created two, and I did that for the Active Directory system, but of course you can do it for every system. So let me choose the enable account, and here are the two new options: enable and disable. Of course you can do this per system and you can send this to, for example, a manager, and we already included a default message. This one is for the enable, but there’s also one for the disable account notification.
Sync naming convention
Another new item is the sync naming convention, sync iterations, and if you go to a target system, for example Active Directory, and go to the account section, there’s a new toggle: ‘synchronize unique fields’ and here you can exactly see what’s happening: when it’s enabled it will make sure that the iteration variable will have the same value for every field where it’s going to be used. For example, when using this in the SAM account name, here is the iteration and of course you can say ‘ensure this field is unique’, and then the iteration will be incremented every time the SAM account name is created but is not unique. It will be enforced over every field that is being used here in the target connector and that’s done by using this new toggle.
Link uncorrelated accounts in the correlation report
The next item is that you can link uncorrelated accounts in the correlation report. You have the correlation option, I correlate the person, with the External id value, with the Employee id value in the Active Directory. Now I go to the correlation report, I can refresh, and now it’s mapping the person External id with the Employee id field in the Active Directory. Here I can find accounts that are being matched and here I can find the unmatched accounts. So suppose I look for this person, Jamie, and I’d like to see if Jamie is also available in the Person vault, and now if I select this user in the vault and in the Active Directory I can link them. They are going to be linked by setting the External id in the Employee id field in the Active Directory. From now on every change with Jamie in the personal vault will be updated in the Active Directory.
Sending information from one target connector to another
So now I’ll demo the last and most powerful option: sending information from one target connector to another. I will start with the target system Active Directory, and the first thing you need to do is to determine what information needs to be sent back to the vault. I can do this, for example, to the user principal name, and here I have this new option: store this field in person account data. I can do this for Simon, and this information will be sent, of course only for the selected fields, to the vault. In the vault, if I go back to the person and select Simon again, you will see that this information has been sent from the Active Directory to the personal vault and I can use this in another target connector.
So if I go to another target connector, like this one, PowerShell demo, here in the Account section I can specify where I’d like to get the information from. This is also set in the dependency, which makes sure that Active Directory is run first before this connector is executed for a particular person. So if I go to Account Create, for example, and select the same person again, Simon, you can see that he is getting information: SimonB, here is the SAM account name, and of course I want to have the principal name. I’ll run the preview again, and then you can see that this is the user principal name that has been created in the Active Directory, set in the vault, and now I can retrieve it in the PowerShell connector.
To make the circle complete, I can also optionally send back information from the PowerShell connector into the vault, so perhaps I can use the information that has been created in this PowerShell connector again in another PowerShell connector. So if I go back to the person again, back to Simon, you will see that information that was created in that PowerShell connector is now available here.
This is the end of this video. Thank you for your time and attention.
Please let us know if you have any additional questions. You can post your question on YouTube or send it to isupport@tools4ever.com. Please subscribe to our channel to receive frequent updates about improvements and changes in HelloID.
For now have a wonderful day.