ROLE | IT Servicedesk

A New Era in IT Support

For most employees, the helpdesk team is their first point of contact for IT inquiries, from account and access rights requests, setting up mailboxes, to name changes and resetting passwords. However, we are constantly exploring ways for people to do more things themselves, allowing the IT helpdesk staff to focus on more complex requests. This approach is not only preferred by employees but also makes the work more challenging and interesting for IT helpdesk workers. A modern IAM solution facilitates this.

Automated Onboarding, Transitioning and Offboarding Processes

No more need for support staff to manage standard accounts and access rights. HelloID automates the initial rights allocation upon onboarding, as well as rights adjustments when someone changes roles. When leaving the organisation, HelloID ensures the relevant account is automatically closed.

Professional First-Line Workers

Complex user requests can now be handled directly by first-line workers through ‘delegated administration screens’. HelloID ensures that input is processed fully automatically in the backend systems. First-line workers can carry out management tasks independently without the need for technical system knowledge, and expensive management licenses are not required.

User Management Directly by Managers

Team managers are increasingly empowered to handle service tasks themselves. They can easily input the necessary data using intuitive, delegated administration screens. HelloID then ensures that this data is automatically processed in the backend systems. Managers are well-placed to assess user requests, allowing the support team to focus on other matters.

Self-Service for End Users

End users now have the autonomy to manage many IT requests via an online self-service portal. This intuitive portal allows them to request applications, access rights and other services. HelloID automatically involves the relevant managers for online review and approval, and then the platform ensures the request is processed promptly in the respective systems.

More Engaging Work for IT Employees

In a competitive job market, where retaining IT professionals is challenging, enabling even less experienced staff to independently handle administrative tasks is beneficial. More experienced staff can then focus on more complex matters. Thus, HelloID makes IT support work more dynamic and engaging overall.

Questions Often Asked by the IT Service Desk

How does automated onboarding, transitioning and offboarding work?

Two key elements are essential for automated management of user accounts and access rights: Role-Based Access Control (RBAC) and a direct connection between the HelloID IAM platform and the HR system.

In RBAC, the issuance of access rights is directly related to roles within the organisation. Knowing someone’s role, the RBAC framework automatically determines the appropriate access rights. For example, an administrative worker in a healthcare institution should have access to financial systems but not to medical records in the Electronic Patient Record, while a healthcare provider should be able to consult medical data but not financial information. Within HelloID, such an RBAC structure can be created using business rules that are easy to set up and modify. Tools4ever offers tools such as a Role Mining workshop to develop an initial RBAC model.

It is essential to know each employee’s role at all times. This is achieved by directly linking a source system – usually the HR system – to HelloID. The HR system maintains all personnel data – including roles – and serves as the ‘single source of truth’ for our access management. Role changes in this system are automatically communicated to HelloID, which then adjusts rights according to someone’s new role. This aligns with the ‘least privilege’ principle, ensuring individuals have access only to applications and data necessary for their role. This ensures that HelloID accurately sets up rights during the onboarding of new employees, adjusts them as necessary for role changes and deactivates accounts when individuals leave the organisation.

How do delegated administration screens support the helpdesk?

Service requests from users can range widely, from applying for additional/temporary access to specific applications (such as Visio) to changing an account name due to marriage or divorce. Often, these requests require changes in one or more connected business applications and/or in the Active Directory, which can be a complex and error-prone process. Traditionally, specialised IT training and expensive management licenses were required to handle these tasks. However, HelloID provides a simple and efficient solution with delegated administration screens. At the same time, you also don’t want these kinds of requests to be handled only by specialised IT staff.

HelloID simplifies and streamlines the process with what are known as delegated administration screens. These screens provide the administrator with a user-friendly interface specifically configured for the service action(s) that the helpdesk staff need to perform. The information from a completed and confirmed form is then automatically processed within HelloID and converted to the correct settings in the relevant back-office systems. This allows the helpdesk to perform a wider range of management tasks themselves, without the need for expensive training, licensing costs and with a reduced risk of errors. Meanwhile, IT specialists can focus on other matters.

Can RBAC manage all access rights automatically?

No, Role-Based Access Control (RBAC) can assign general access rights. For certain roles where access rights are clearly defined, such as specific operational roles in healthcare settings, rights management can be fully automated. However, roles with broader descriptions, such as project managers, receive only a basic set of rights. Additional rights, such as a Visio license for a specific project, need to be requested separately. Typically, 80% of access rights are provided and managed through RBAC by default, and the remaining 20% are granted based on individual requests.

How can managers handle service processes themselves?

In many cases, a user’s manager is the best person to handle service requests, as they can aptly evaluate whether someone really needs a certain license or data access and are naturally mindful of licensing costs. With delegated administration screens allowing helpdesk staff to work more independently, similar screens can enable managers to handle a portion of the service requests for their own teams.

Managers get access to a user-friendly interface configured specifically for the service action(s) they need to perform. Data from filled out and confirmed forms within HelloID is automatically processed and converted into the correct settings in the underlying IT systems. This allows managers to carry out many management tasks themselves without additional training or licensing costs, leading to more efficient and effective service management and reducing the burden on the helpdesk.

How does self-service work for account and access rights management?

HelloID automates service processes. Through a user-friendly portal, a user can request applications, access rights and other services through a single click and, if necessary, filling out a brief form. HelloID can configure the process for each type of request. Depending on the user’s role/department and the nature of the request, one or two managers might need to review an application. HelloID manages this automatic approval process. Managers receive requests, for instance via email, and can approve, reject or provide feedback. Once approved, HelloID processes and activates the change in various target systems. HelloID also supports setting temporary activations for licenses and access rights, such as during a specific project’s duration, thus preventing the build-up of unnecessary access rights.