Free Demo Contact
Baarn : +44 (0)1684 274 845
Getting started with HelloID
Logging en troubleshooting

Logging en troubleshooting

By: KaHo Man
10 November 2023

Logging plays a significant role within HelloID. With the help of the Identity & Access Management (IAM) solution, you can automate the provisioning of accounts and the assignment of rights. Much of this happens behind the scenes, which is both advantageous and challenging. It is crucial to ensure that no errors go unnoticed and to be able to trace and understand why specific actions took place. HelloID’s logging feature offers valuable insights and helps in identifying and resolving any issues. This blog post delves into the importance of HelloID’s logging, explains the difference between functional and technical logging, and discusses how log files can be used for troubleshooting.

Why is logging important?

Using HelloID, you significantly automate IAM within your organisation. HelloID acts as a mediator between your source system, such as an HR system, and target systems like Active Directory (AD), Azure AD or Google Workspace. The IAM solution can write accounts and rights to target systems but can also write back data to your HR system.

logging en troublesh_wat maakt (1)

Because HelloID largely automates these processes, it performs many actions that might not be immediately visible. Reporting and logging provide a window into what is happening under the hood, enabling you to closely monitor the performance of HelloID and any agents the IAM solution uses. All activities are recorded, allowing you to track what HelloID has done, understand the reasons for specific actions, pinpoint when they occurred, and assess their success.

What is functional logging?

When discussing logging, it is important to distinguish between functional and technical logging. Functional logging provides insight into when which user was granted which authorisations, and through which role this occurred. It also helps to understand why particular roles were assigned to specific users.

HelloID Screenshot: Entitlement Logging

This information is particularly relevant for audits. For example, functional logging allows you to demonstrate that rights have been assigned exclusively to the correct individuals and that you have timely revoked the rights of people leaving the organisation. Consider also the progression of an employee to a new role, which can lead to multiple actions. This includes assigning new authorisations and revoking old rights. Functional logging enables you to ‘peel back the layers’ of this process from start to finish.

HelloID Screenshot: Target Logging

Functional logging is also helpful in responding to employee queries. There might be times when an employee expects to receive certain permissions as part of their new role, only to discover that this has not happened yet. Functional logging provides detailed explanations for these situations and the steps taken in the provisioning process.

HelloID Screenshot: Person Logging

What is technical logging?

Technical logging offers insights into the technical processes occurring behind the scenes. If something goes wrong unexpectedly, it could be due to a technical issue. Technical logging helps you to pinpoint what went wrong, why it happened, and how to resolve the problem.

Moreover, technical logging can also play a role in answering functional questions. If functional logging reveals that an employee has not received certain rights, unjustly so, then technical logging can help identify the exact root cause. This might be due to an issue with an external partner you use, an unreliable internet connection or problems with a connector, which could prevent HelloID from accessing or writing the required information.

Stateful

It is also important to note that HelloID is stateful. In practical terms, this means that the IAM solution maintains its own records, remembering past actions and whether they were successful.  This ability to link the logging to specific actions provides a lot of insight. For instance, if a certain process scheduled for July 1st fails and is only executed on October 1st, you can easily trace and connect these events in the logs to identify the underlying issue.

This aspect is particularly vital for auditing. HelloID’s logging enables you to show the complete sequence of processes. For instance, you can trace an employee’s progression from the initial update in the HR system to the assignment of rights associated with their new role. It also allows you to demonstrate how you have addressed any issues that might have arisen unexpectedly. Essentially, the entire process is transparent and traceable from beginning to end.

Where can you find the logging?

It is also important to note that HelloID is stateful. In practical terms, this means that the IAM solution maintains its own records, remembering past actions and whether they were successful.  This ability to link the logging to specific actions provides a lot of insight. For instance, if a certain process scheduled for July 1st fails and is only executed on October 1st, you can easily trace and connect these events in the logs to identify the underlying issue.

This aspect is particularly vital for auditing. HelloID’s logging enables you to show the complete sequence of processes. For instance, you can trace an employee’s progression from the initial update in the HR system to the assignment of rights associated with their new role. It also allows you to demonstrate how you have addressed any issues that might have arisen unexpectedly. Essentially, the entire process is transparent and traceable from beginning to end.

logging en troublesh_waar (1)

When you are using a local agent, as a customer, you will have direct access to the log files. These files can be found on the system where the HelloID agent is installed, usually a Windows server within your IT infrastructure. The logs are stored in the Program Data folder. Here, you will find a Tools4ever subfolder, which contains additional folders for the log files of different agents, covering provisioning, directory and service automation. The logs are recorded in a text file, which can be opened with any text editor.

Each action the agent performs is meticulously logged with a timestamp accurate to one-hundredth of a second. This detail allows you to track precisely what actions HelloID has carried out, their timing and the sequence. For instance, if you are managing on-premise Active Directory (AD) tasks through the Provisioning agent, you can find these tasks detailed in the logs associated with that specific agent.

Monitoring log files

The logging provides a detailed view of what is happening under the hood of HelloID. This offers significant benefits. By actively monitoring the logs, you can identify potential problems early on, before users encounter them. With this information at hand, you can take proactive steps if something unexpectedly goes wrong.

logging en troublesh_monitoren (1)

Log files also assist in verifying changes you make in HelloID. While you can validate every change you make in advance using methods like a dry run, it is beneficial to be able to check that everything is working correctly after the changes go live. Log files enable this. Therefore, we recommend closely monitoring the log files when making changes, and not merely consulting them when problems occur.

Note: Log files are only accessible if you, as the customer, manage the infrastructure yourself. If you outsource this to Tools4ever, they will take care of the logging management for you, and you will not need to worry about it.

Troubleshooting

You may encounter error messages in the logs. Our documentation includes an overview of common error messages found in log files. The approach to resolving issues varies and naturally depends on the nature of the problem you identify. The documentation also provides guidance for fixing these errors.

Error messages can vary depending on the agent, source or target system, and the task performed. An overview of the most common error messages is available on the forum. Please note that this overview is merely a sample.

Notifications

There are times when a problem demands the immediate attention of an administrator, particularly when it could have a significant impact on HelloID’s performance. This might be due to issues like an agent being unavailable or crucial tasks not being executed. These scenarios are classified as incidents.

HelloID’s administrator dashboard offers a clear overview of any such incidents. This feature allows you to quickly spot all problems that require urgent attention, enabling you to address them swiftly and effectively to minimize their impact.

Additionally, you have the option to set up email notifications for these incidents. This way, HelloID can alert you immediately when an incident arises. You can find more information on how to configure these notifications on our website.

Getting started

Are you ready to start working with HelloID’s functional and technical logging? Should you have any questions, feel free to reach out to us. Our team of experts is ready to assist you.

KaHo Man

Written by:
KaHo Man

KaHo, with 18 years of experience in consultancy, is an implementation consultant in Identity & Access Management (IAM) at Tools4ever. With a solid foundation in Higher Informatics, he has become a respected mentor and trainer, sharing his knowledge with colleagues and partners. KaHo's expertise also extends to delivering HelloID sales demos and technical intakes, conducting health checks, and overseeing project reviews.

< back to the overview