Access Management - Where to get started
As an organisation, you want to optimise employee productivity. A key prerequisite for this is getting efficient access to the right applications and data. At the same time, you need to ensure that unauthorised access to your sensitive systems and data is prevented. HelloID Access Management supports you in this and takes a lot of the work off your hands. In this article, we will help you get started with this module, explain its capabilities and highlight some of the considerations you may want to take into account.
What is HelloID Access Management?
HelloID Access Management is a cloud-based module, which is part of Tools4ever's identity & access management (IAM) solution HelloID. The module provides employees with simple, fast and user-friendly access to the applications they need.
Employees often work in a broad range of applications, which introduces a level of complexity. Each application typically requires unique login credentials for security reasons, meaning users may soon need to remember dozens of different passwords. In practice, this creates several challenges. For example, employees may choose weaker passwords than desired in order to manage them more easily. They may also forget passwords, resulting in an additional burden on the service desk.
HelloID Access Management offers a solution. Thanks to the module, users only need to log in once, after which HelloID gives them access to all the applications they need via a user-friendly dashboard. This ensures access to applications and systems is always properly secured, while also reducing the burden on your service desk.
Getting started
Would you like to get started with HelloID Access Management? This does require some preparation, something our experts will of course be happy to support you with. For example, to correctly set up access to applications, HelloID Access Management needs access to your source data. So, start by mapping which source system or systems hold your user data. These might include Microsoft’s Active Directory or Entra ID, as well as Google Workspace.
However, you may also be using HelloID Provisioning, a cloud-based solution that fully automates the management of user accounts. HelloID Provisioning establishes a connection between your HR system and user accounts in the network. Through this integration, the module can fully automate the onboarding, transfer and offboarding process. This ensures that account details and user permissions are always up to date. HelloID Access Management integrates seamlessly with HelloID Provisioning.
How will you let users log in?
Once you’ve identified which source system holds your user data, you can determine how you’d like users to log in. One option is just-in-time provisioning, where users are granted access to resources and applications only when they actually need it. This can be particularly relevant if you work a lot with temporary staff or contractors.
You’re in full control. You can choose to offer a single login method or support multiple options. For example, you can combine a source system like Active Directory with HelloID’s local login functionality. This can be especially useful if you don’t want to include external staff or temporary workers in your source system. In such cases, however, just-in-time provisioning is unfortunately not possible.
Which applications do you want to connect?
Another important question you need to answer to get started with HelloID Access Management is which applications you want to make accessible via Single Sign-On (SSO). Consider applications such as Spend Cloud, Intus InPlanning, iProtect, Ysis, IFS Ultimo and Elanza.
To enable integration with an application, it must be SSO-compatible. So, it’s important to assess which applications support this. Does the application, for example, support SAML, OpenID Connect, or WS-Federation? In consultation with the application provider, we establish the connection and thoroughly test the integration.
If an application is not SSO-enabled, this does not necessarily mean that an integration is impossible. In many cases, we can consult with the supplier to still establish a connection between HelloID and the application. If the supplier is unable or unwilling to support any SSO protocol, using a plugin application may offer a solution. However, certain prerequisites apply, such as deploying the plugin across all workstations to facilitate the integration.
Ensuring data accuracy
To establish a successful connection, it is also important that the data in your applications is accurate. For example, an SSO connection always requires a so-called ‘link key’, which could be an e-mail address or employee number. These details must be consistent across both the applications your users will access and your source system. Check if this is the case and adjust if necessary. Also, ensure that all required data for the SSO link is available in the source system—or determine whether the source needs to be extended first.
In addition, some applications expect additional information. This may include an employee number, date of birth or additional name details. This information is not always readily available by default in the source system. It may therefore be necessary to extend the source to include these data fields. In other cases, it may suffice to ask users once to provide the required information.
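The link-key and required-attribute checks described above can be run over exports before the connection is built. The following is an added example, not HelloID or Tools4ever code; the CSV layouts, column names and sample records are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample exports (not real data): source system and one application.
SOURCE_CSV = """employee_number,email,date_of_birth
1001,Anna.Jansen@example.org,1988-04-12
1002,b.devries@example.org,
1003,c.bakker@example.org,1990-11-02
1004,d.smit@example.org,1979-01-30
"""
APP_CSV = """login_email
anna.jansen@example.org
b.devries@example.org
c.bakker@example.com
d.smit@example.org
d.smit@example.org
"""

def normalise(value):
    """Compare link keys case-insensitively and ignore stray whitespace."""
    return (value or "").strip().lower()

def reconcile(source_csv, app_csv, source_key, app_key, required=()):
    source_rows = list(csv.DictReader(io.StringIO(source_csv)))
    app_rows = list(csv.DictReader(io.StringIO(app_csv)))
    source_keys = Counter(normalise(r[source_key]) for r in source_rows)
    app_keys = Counter(normalise(r[app_key]) for r in app_rows)
    raw_app = {r[app_key] for r in app_rows}
    return {
        # Accounts that have no counterpart on the other side.
        "only_in_source": sorted(set(source_keys) - set(app_keys)),
        "only_in_app": sorted(set(app_keys) - set(source_keys)),
        # A link key must identify exactly one account per system.
        "duplicates": sorted({k for c in (source_keys, app_keys)
                              for k, n in c.items() if n > 1}),
        # Keys that match only after normalisation; exact comparison would fail.
        "format_mismatch": sorted(r[source_key] for r in source_rows
                                  if r[source_key] not in raw_app
                                  and normalise(r[source_key]) in app_keys),
        # Source records lacking an attribute the application expects.
        "missing_required": sorted((normalise(r[source_key]), f)
                                   for r in source_rows for f in required
                                   if not normalise(r.get(f))),
    }

if __name__ == "__main__":
    print(reconcile(SOURCE_CSV, APP_CSV, "email", "login_email",
                    required=("date_of_birth",)))
```

Duplicate link keys deserve attention first: if one key maps to two accounts, a user could be signed in to the wrong one.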
Please note that setting up and/or using an SSO connection may incur additional (monthly) costs from the application supplier. These costs vary per application. Therefore, be sure to identify the costs in advance and contact the supplier if necessary.
Multifactor authentication
With SSO, users only need to log in once to gain access to all applications and data sources to which they are authorised. This makes it essential to ensure SSO accounts are properly secured. Multifactor authentication (MFA) can take your security to the next level. In this setup, users not only log in with a username and password, but must also use a second form of verification. This could be an authentication app on their mobile phone, a code sent via SMS, or a hardware token.
Determine whether you want to use MFA and which form best suits your organisation's user workflow or requirements. HelloID Access Management offers extensive support for MFA methods, including FIDO, Push-to-Verify, SMS and email. Integrations are also possible with Microsoft Authenticator, Google Authenticator and others. You can continue to support MFA methods and tokens already in place.
Integrations
HelloID Access Management gives users access to the applications they need via a user-friendly dashboard by default. However, you can also choose to integrate it within your own environment. For example, if you work with an intranet or IT management solution such as TOPdesk, AFAS, SharePoint, Embrace, triptic or a&m impact, then you can seamlessly integrate HelloID Access Management with these systems. In this setup, users log in via the intranet and access their own personal portal, which includes all the information and communication tools they need. The HelloID widget gives them access to company applications directly from the intranet. Thanks to this integration, employees have a user-friendly digital workplace that supports them in every aspect of their daily work.
Getting started
Do you want to get started with HelloID Access Management? More information is available here. Do you have questions or want to consult with our experts? Then get in touch with us.