Access Management - Connecting one or more identity providers
Many applications can only connect to a single identity provider (IDP). That’s not ideal, especially since many organisations use multiple IDPs. HelloID offers a solution and makes it possible to connect multiple IDPs. This ensures that all users within your organisation have access to the right applications.
HelloID Access Management is a cloud-based module that’s part of Tools4ever’s IAM solution, HelloID. The module provides employees with simple, fast, and user-friendly access to the applications they rely on. HelloID Access Management includes support for Single Sign-On (SSO), allowing users to log in only once to access all their applications.
Are you working with multiple IDPs, such as a combination of Google Workspace and Microsoft Entra ID? If so, this can present challenges when trying to provide employees with access to applications, because many apps only support one IDP. As a result, only users from Google Workspace may be able to access a specific application, for example, while users from Microsoft Entra ID cannot use it.
HelloID Access Management offers a solution and allows multiple IDPs to be linked despite application limitations. HelloID acts as the IDP towards the application, while the IAM solution itself connects to your multiple IDPs. This ensures that the right information ends up in the right place.
What are the potential use cases?
The use of multiple IDPs occurs in all kinds of organisations and situations. Think of schools, for example, which have student data stored in Google Workspace while employee information is held in Microsoft Entra ID. Or healthcare organisations, which often collaborate with each other in dedicated target applications. If the organisations involved use different IDPs, this can create access challenges.
Mergers or reorganisations may also result in multiple IDPs being in use within an organisation. For instance, when organisations haven’t fully integrated with each other yet or the transition to a new source system is still in progress.
If employees only use a limited number of applications and don’t require a full account, you can opt to use local HelloID accounts. With HelloID Access Management, you can combine these local accounts with, for example, accounts from Google Workspace or Microsoft Entra ID.
In some situations, a user may appear in multiple IDPs. Consider, for example, a student who works at the school for a few hours a week. In this case, HelloID Access Management can connect multiple IDPs to one user object within HelloID. This allows the user to access all the applications they need as both a student and an employee with one account. Please note that connecting multiple IDPs to one user object requires additional configuration.
What do you need to take into account?
Using multiple IDPs involves a few key considerations. In most cases, users will be presented with a selection screen during login, allowing them to choose between different login methods. You have the option to offer a specific login method as the default method, so users only need to confirm their choice. HelloID can also suggest a specific login method based on factors such as the user’s IP address or the web browser they’re using.
When switching to HelloID Access Management, users will see a different login screen than before. In many cases, they’ll need to choose between multiple login methods. This can be confusing for users. That’s why it’s important to communicate this change clearly and in good time.
It always remains possible to log in with a local user login. This option is available as a backup login method, which is why it can be hidden but never disabled. The local user login only allows logging in with a local HelloID user ID, and cannot be used with an account originating from a source system connected to HelloID.
Another point to consider is the potential increase in support workload. Using multiple IDPs can create additional tasks for the support team. For example, if a user experiences login issues, the first step is to determine which login method they’re trying to use before the root of the problem can be identified.
Getting started
Want to get started with HelloID Access Management? Read more about what’s possible here. Would you like to speak to one of our experts or do you have any questions? Don’t hesitate to get in touch with us.