Click here to sign up for our mailing list
Hello and welcome to this HelloID Provisioning product release video for June 2020.
HelloID Provisioning is an 100% born in the cloud, easy the configure and to maintain user provisioning solution. It helps organisations to fully automate the user life cycle management in the network by connecting the HR or SIS as a source system. Every change in this source is detected and processed into the network. No worries anymore about stale user accounts, accumulation of licences or access rights, manual user management or compliancy issues.
In this video I first I’d like to start with a PowerPoint presentation and then demo you the new functionalities.
We have three new items. We can exclude people from processing and that means that I can mark a person, for example from an HR system, that will be excluded from processing. The use case is that if you have 2 source systems and a person exits in both systems but you only want to create a user account once. For example if you have staff and students in a school environment, and there’s a person that’s both staff and student, then you might only want to process the HR record and not the student record, so you won’t get a duplicate account. So you exclude this person, as a student, from processing.
You can do this manually, so you can mark them manually to exclude them from processing, but you can also set an automatic rule in the importer. Today I will show you both options after this PowerPoint.
The second new option is that we now have Target PowerShell memberships. We were already able to create, enable, disable, delete and edit accounts, but now you can also set the membership or permissions on a user account. And, again, I will demo you this right after this PowerPoint.
The last new option is that we now have Cloud PowerShell as a source system option, before you always needed an agent running a local member server, but now this is not necessary anymore because it’s running in HelloID cloud environment and you don’t need an agent anymore to retrieve data from the source system. Okay, so let me demo these new functionalities to you.
Exclude people from processing
So the first option I’d like to show you is how to exclude a person from processing. This basically means that if you go to the business rules and run an evaluation, then you don’t want that person being processed. You have to options: you can do it manually and you can set a rule. So first let me show you the easier manual version. Here you have the ‘Exclusion’ list and here you can mark people to be excluded, I already marked a couple of persons for exclusion, and here you can see the type: these are all the manual ones, so suppose I want to exclude a couple more persons, all these will be manually excluded too.
Here I have a different type, Mr. Anderson, and he is also excluded from processing, but that’s based on the source mapping rule. Let me show you how to do that, you go to ‘source’, ‘configuration’, ‘person’, and this is a new option: ‘Excluded’, and here you have the option to set a rule on who needs to be excluded and you do this on any parameter from the source system. In this particular case I didn’t make such a nice example, I just excluded Mr. Anderson based on his external id. This is the external id, and if this person has this external id I set the return value for ‘excluded’ on true. So if you go down you can see that this is true. If I remove this then Anderson will be processed again, so if I go here, to fixed value, and say excluded to false, so basically this means that he’s not going to be excluded anymore, I need to rerun the source system but then you will see that Mr. Anderson will be excluded from the list, I have not run the source system import again so he’s still showing as ‘excluded’, but if I rerun the source import then Anderson will be included again.
Target PowerShell memberships
Okay, now let me show you the next item on the list, the Target PowerShell memberships. If I go to the target systems, there’s a powershell demo created here and this is a new option, this was already available with the account lifecycle, but now we have the new option here ‘membership’, and it contains the grant and revoke access rights within the PowerShell system. This is the list of memberships or access rights that are available for grant or revoke. It has a display name and an identification, and this is an object, it’s PowerShell code so you can include everything you like, it’s now hard code but I could retrieve information from a CSV file or web API.
The display name is used for GUI purposes, the identification object will be passed if you grant or revoke the particular access right, so then you have more detailed information. I can preview here and then list two items, 1 & 2, and then see what information is inside. If I’m going to do a grant then I need to execute what’s going to happen, and of course I get the membership reference, and here I can see what’s going to happen with a particular person if I do this access right. I think the most important thing is that it shows up in the business rules, so if you go to business rules, and I’ll do a very simple example, here it loads the PowerShell, it used to only show the account and account access, but now it’s also showing the two extra permissions that I have created in the PowerShell connector. I think this is a very powerful extension to the Provisioning module.
Cloud PowerShell source connector
The last item is the cloud PowerShell source connector, there’s not that much to show you, it’s a big change but it shows up like a very simple option. If I toggle this option, it will be executed via the on premise agent and if I toggle it this way it will be executed from the HelloID cloud environment. A very simple tick box with of course a lot of background changes for this. You need to remember that if you run any code, it needs to be compatible to PowerShell Core 7.
This is the end of this video. Thank you for your time and attention.
Please let us know if you have any additional questions. You can post your question in youtube or send it to firstname.lastname@example.org. Please subscribe to our channel to receive frequent updates about improvements and changes in HelloID.
For now have a wonderful day.