Important
This repository contains the connector and configuration code only. The implementer is responsible to acquire the connection details such as username, password, certificate, etc. You might even need to sign a contract or agreement with the supplier before implementing this connector. Please contact the client's application manager to coordinate the connector requirements.
HelloID-Conn-Prov-Target-Exchange Server On Premises is a target connector. Exchange Server On Premises provides the option to correlate to existing Exchange On-Premise users and provision groupmemberships and sharedmailbox permissions.
Only Exchange groups are supported, if the group can be managed via AD, we advise to do so
If you want to create Exchange On-Premise users, please use the built-in Microsoft Active Directory target system and make use of the Exchange Integration.
The following lifecycle actions are available:
| Action | Description |
|---|---|
| create.ps1 | PowerShell create lifecycle action |
| enable.ps1 | PowerShell enable lifecycle action |
| disable.ps1 | PowerShell disable lifecycle action |
| permissions/groups/grantPermission.ps1 | PowerShell grant lifecycle action for groups |
| permissions/groups/revokePermission.ps1 | PowerShell revoke lifecycle action for groups |
| permissions/groups/permissions.ps1 | PowerShell permissions lifecycle action for groups |
| permissions/sharedMailboxes/grantPermission.ps1 | PowerShell grant lifecycle action for shared mailboxes |
| permissions/sharedMailboxes/revokePermission.ps1 | PowerShell revoke lifecycle action for shared mailboxes |
| permissions/sharedMailboxes/permissions.ps1 | PowerShell permissions lifecycle action for shared mailboxes |
| permissions/sharedMailboxesDynamic/subPermissions.ps1 | PowerShell grant, update & revoke lifecycle action for shared mailboxes |
| permissions/sharedMailboxesDynamic/permissions.ps1 | PowerShell permissions lifecycle action for shared mailboxes |
| resources/groups/resources.ps1 | PowerShell resources lifecycle action for groups |
| resources/sharedMailboxes/resources.ps1 | PowerShell resources lifecycle action for shared mailboxes |
| configuration.json | Default configuration.json |
| fieldMapping.json | Default fieldMapping.json |
| correlateOnly/create.ps1 | PowerShell create lifecycle action for only correlating |
| correlateOnly/configuration.json | Default configuration.json for only correlating |
| correlateOnly/fieldMapping.json | Default fieldMapping.json for only correlating |
| postAdAction/postAdAction.create.DisableExchangeActiveSync_OWA.ps1 | Post-AD-action used in builtin AD-connector create lifecycle action |
- Execute the cmdlet Enable-PsRemoting on the Exchange server to which you want to connect.
- Within IIS, under the Exchange Back End site for the Powershell sub-site, check that the authentication method Windows Authentication is enabled.
- Permissions to manage the Exchange objects, the default AD group Organization Management should suffice, but please change this accordingly.
- Required to run On-Premises.
- Concurrent sessions in HelloID set to a maximum of 1! If this is any higher than 1, this may cause errors, since Exchange only support a maximum of 3 sessions per minute.
The correlation configuration is used to specify which properties will be used to match an existing account within Exchange Server On Premises to a person in HelloID.
To properly setup the correlation:
-
Open the
Correlationtab. -
Specify the following configuration:
Setting Value Enable correlation TruePerson correlation field `` Account correlation field Account.UserPrincipalName
Tip
For more information on correlation, please refer to our correlation documentation pages.
The field mapping can be imported by using the fieldMapping.json file.
By using this connector you will have the ability to manage groupmemberships. Since we use the cmdlets from the Exchange Management Shell, it is required to Enable-PsRemoting on the Exchange Server, allow Windows Authentication for the IIS site and assign permissions to the service account. For more information, please check out the Microsoft docs.
The following settings are required to connect.
| Setting | Description |
|---|---|
| Connection Uri | The connection uri of the on-prem Exchange |
| Username | The username of the service account in Exchange |
| Password | The password of the service account in Exchange |
| Authentication Method | The authentication method that is used to authenticate the user's credentials |
For more information on how to configure a HelloID PowerShell connector, please refer to our documentation pages
If you need help, feel free to ask questions on our forum
The official HelloID documentation can be found at: https://docs.helloid.com/