Important
This repository contains the connector and configuration code only. The implementer is responsible for acquiring the connection details such as username, password, certificate, etc. You might even need to sign a contract or agreement with the supplier before implementing this connector. Please contact the client's application manager to coordinate the connector requirements.
HelloID-Conn-Prov-Target-NTFS-Folder is a _target_ connector that allows you to manage NTFS folders and permissions. If you need to adjust the permissions on the folders created by the HelloID built-in AD connector (Home, TsHome, Profile or TsProfile), the Post AD action script can be used. For creating or managing folders not created by HelloID, the GrantPermission and RevokePermission scripts can be used.
The following lifecycle actions are available:
Action | Description |
---|---|
correlateonly/create.ps1 | PowerShell create lifecycle action |
permissions/HomeFolder/grantPermission.ps1 | PowerShell grant lifecycle action |
permissions/HomeFolder/revokePermission.ps1 | PowerShell revoke lifecycle action |
permissions/HomeFolder/permissions.ps1 | PowerShell permissions lifecycle action |
configuration.json | Default configuration.json |
correlateonly/fieldMapping.json | Default fieldMapping.json |
postAdAction/postAdAction.create.SetDirectoryPermissions.Set-ACL | Sets permissions on the already created NTFS folder with the Set-ACL command, for use in the Create Post Action of the built-in Microsoft Active Directory Target Connector |
postAdAction/postAdAction.create.SetDirectoryPermissions.icacls | Sets permissions on the already created NTFS folder with the ICACLS command, for use in the Create Post Action of the built-in Microsoft Active Directory Target Connector |
The correlation configuration is used to specify which properties will be used to match an existing account within NTFS to a person in HelloID.
To properly set up the correlation:

- Open the `Correlation` tab.
- Specify the following configuration:

Setting | Value |
---|---|
Enable correlation | `True` |
Person correlation field | `PersonContext.Person.ExternalId` |
Account correlation field | `employeeId` |

Tip
For more information on correlation, please refer to our correlation documentation pages.
The field mapping can be imported by using the fieldMapping.json file.
- The HelloID Service account requires the following permissions:
  - Local admin on the fileshare/NTFS server.
  - Full Control on the share itself (Share permissions, not NTFS permissions on the folder(s)).
  - Full Control on all folders on the share (NTFS permissions, so not Share permissions on the Share).
- Optionally, the following policies:
  - Local Policies > User Rights Assignment > Manage auditing and security log
  - Local Policies > User Rights Assignment > Back up files and directories
  - Local Policies > User Rights Assignment > Restore files and directories
Important
The revoke scripts use the stored account data if the AD account is removed before archiving the folder. The default target connector name `NTFS` is used. Please change the name on rows `54` and `55` if you use a different target connector name.
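
The following is an added example, not one of the connector's scripts. It shows a grant and revoke on a folder ACL keyed on the account's SID, so the revoke still works after the AD account has been deleted and its name no longer resolves. The function names are hypothetical, and it is an assumption that the stored account data contains the SID.

```powershell
# Added example; not the connector's own code. Function names are hypothetical.
function Get-ExplicitRule {
    param([string]$Path, [string]$Sid)
    # Return rules as SIDs so entries for deleted accounts are still matched.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $Sid }
}

function Grant-FolderPermission {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Sid,   # assumption: SID taken from the stored account data
        [System.Security.AccessControl.FileSystemRights]$Rights = 'Modify'
    )
    # Idempotent: skip when an explicit allow rule already covers the requested rights.
    $held = Get-ExplicitRule -Path $Path -Sid $Sid |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $Rights) -eq $Rights }
    if ($held) { return $false }

    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        [System.Security.Principal.SecurityIdentifier]::new($Sid),
        $Rights,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',  # subfolders and files
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
    return $true
}

function Revoke-FolderPermission {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Sid)
    $count = @(Get-ExplicitRule -Path $Path -Sid $Sid).Count
    if ($count -eq 0) { return 0 }
    $acl = Get-Acl -LiteralPath $Path
    # Purge by SID: removes only the explicit rules for this identity; inherited rules stay.
    $acl.PurgeAccessRules([System.Security.Principal.SecurityIdentifier]::new($Sid))
    Set-Acl -LiteralPath $Path -AclObject $acl
    return $count   # number of explicit rules removed
}

# Usage with constructed values (path and SID are placeholders):
# $folder = '\\fileserver\home$\jdoe'
# $sid    = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
# Grant-FolderPermission  -Path $folder -Sid $sid -Rights Modify
# Revoke-FolderPermission -Path $folder -Sid $sid
```

Granting only the rights the folder needs, rather than Full Control, keeps the resulting ACL easy to audit.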
Tip
For more information on how to configure a HelloID PowerShell connector, please refer to our documentation pages.
Tip
If you need help, feel free to ask questions on our forum.
The official HelloID documentation can be found at: https://docs.helloid.com/